Lucene search
K

13 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat has a Relative Path Traversal vulnerability. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before being decoded. This created the possibility that, for rewrite rules that modify query parameters into the URL, an attacker could manipulate the...

7.5CVSS7.3AI score0.66535EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2025/12/10 2:55 p.m.5 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.10 views

PT-2025-43996

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.10 Apache Tomcat versions 10.1.0-M1 through 10.1.44 Apache Tomcat versions 9.0.0.M11 through 9.0.108 Apache Tomcat versions 8.5.6 through 8.5.100 Description A relative path traversal issue exists...

7.5CVSS7.3AI score0.66535EPSS
Exploits4References200
Tenable Nessus
Tenable Nessus
added 2025/06/20 12:0 a.m.12 views

Apache Tomcat 11.0.0-M1 < 11.0.8 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...

8.4CVSS7.5AI score0.64718EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/06/20 12:0 a.m.25 views

Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...

8.4CVSS7.5AI score0.64718EPSS
Exploits1References6
Apache Tomcat
Apache Tomcat
added 2025/05/13 12:0 a.m.20 views

Fixed in Apache Tomcat 11.0.7

Low: CGI security constraint bypass CVE-2025-46701 When running on a case insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it was possible to bypass those security constraints with a specially crafted URL. This was...

7.3CVSS7.6AI score0.02736EPSS
Exploits1Affected Software1
Amazon
Amazon
added 2025/05/13 12:0 a.m.11 views

Important: tomcat10

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException...

9.8CVSS9.4AI score0.66933EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/04/30 12:0 a.m.31 views

Apache Tomcat 11.0.0.M1 < 11.0.6 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.6security-11 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a...

9.8CVSS7.6AI score0.0418EPSS
Exploits1References6
OSV
OSV
added 2024/06/11 12:37 p.m.8 views

USN-6826-1 libapache-mod-jk vulnerability

Karl von Randow discovered that modjk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd...

7.5CVSS5.8AI score0.01257EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.7AI score0.99298EPSS
Exploits11References1
CNVD
CNVD
added 2016/12/08 12:0 a.m.3 views

SimpleSAMLphp Security Bypass Vulnerability

SimpleSAMLphp is an application written in native PHP for handling validation.The SAML2Utils class provides a series of methods to validate XML digital signatures against given keywords. A security bypass vulnerability exists in SimpleSAMLphp. An attacker can bypass security constraints to perfor...

9.1CVSS7AI score0.02424EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.4 views

Web: Bypass of security constraints

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...

4.3CVSS6.6AI score0.11975EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/14 8:45 p.m.6 views

Web: Bypass of security constraints

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...

4.3CVSS6.6AI score0.11975EPSS
Exploits1References4
Rows per page
Query Builder