tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

GHSA-QQ5R-98HH-RXC9 Apache Tomcat - Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization in prepareRequestProtocol, which accepts HTTP/0.9 requests other than GET. A security constraint configured to allow HEAD requests to a UR...

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

MiracleLinux 4 : tomcat6-6.0.24-48.AXS4 (AXSA:2013-27:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-27:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

Fixed in Apache Tomcat 9.0.113

Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...

EUVD-2018-0522

Malware in sbrugna...

RockyLinux 10 : tomcat (RLSA-2025:14179)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14179 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

EUVD-2022-46726

Malicious code in bioql PyPI...

EUVD-2025-16411

Malicious code in bioql PyPI...

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

Oracle Linux 9 : tomcat (ELSA-2025-14181)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14181 advisory. - Resolves: RHEL-102200 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108491 tomcat: Apache...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

ALSA-2025:14177 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

RHEL 9 : tomcat (RHSA-2025:14183)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...