Lucene search
K

63 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.12 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS7.3AI score0.02608EPSS
Exploits1References5
OSV
OSV
added 2026/02/17 9:31 p.m.6 views

GHSA-QQ5R-98HH-RXC9 Apache Tomcat - Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

6.9CVSS7.2AI score0.00494EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/17 6:50 p.m.2 views

CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

5.8AI score0.00494EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/16 10:0 p.m.4 views

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization in prepareRequestProtocol, which accepts HTTP/0.9 requests other than GET. A security constraint configured to allow HEAD requests to a UR...

6.5CVSS5.6AI score0.00494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/16 6:57 p.m.4 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS5.7AI score0.02608EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : tomcat6-6.0.24-48.AXS4 (AXSA:2013-27:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-27:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

4.3CVSS7.1AI score0.11975EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.5 views

RockyLinux 10 : tomcat (RLSA-2025:14179)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14179 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

7.5CVSS7.6AI score0.63258EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-16411

Malicious code in bioql PyPI...

7.3CVSS7.8AI score0.02608EPSS
Exploits1References12
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.6 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

7.5CVSS7.7AI score0.63258EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.7 views

Oracle Linux 9 : tomcat (ELSA-2025-14181)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14181 advisory. - Resolves: RHEL-102200 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108491 tomcat: Apache...

7.5CVSS7.7AI score0.63258EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:40 p.m.8 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7AI score0.63258EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:40 p.m.3 views

tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...

7.5CVSS7.1AI score0.03163EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:37 p.m.16 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7AI score0.63258EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:36 p.m.13 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7AI score0.63258EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

RHEL 10 : tomcat9 (RHSA-2025:14178)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14178 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages...

7.5CVSS7.8AI score0.63258EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

RHEL 8 : tomcat (RHSA-2025:14177)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.63258EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Oracle Linux 8 : tomcat (ELSA-2025-14177)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14177 advisory. - Resolves: RHEL-102193 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108486 tomcat: Apache...

7.5CVSS7.7AI score0.63258EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

RHEL 9 : tomcat (RHSA-2025:14183)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.63258EPSS
Exploits1References16
OSV
OSV
added 2025/08/20 12:0 a.m.8 views

ALSA-2025:14177 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

7.5CVSS7.3AI score0.63258EPSS
Exploits1References16
F5 Networks
F5 Networks
added 2025/07/16 9:14 a.m.11 views

K000152592: Apache Tomcat vulnerability CVE-2025-46701

Security Advisory Description Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1...

7.3CVSS7.8AI score0.02608EPSS
Exploits1
Rows per page
Query Builder