277 matches found

OSV
added 5 days ago | 3 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00383
Exploits: 0 | References: 1

NVD
added 5 days ago | 13 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | EPSS 0.00383
Exploits: 0 | References: 2

OSV
added 5 days ago | 2 views

UBUNTU-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00383
Exploits: 0 | References: 7

Debian CVE
added 5 days ago | 6 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00383
Exploits: 0

Cvelist
added 5 days ago | 32 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00383
Exploits: 0 | References: 1

CVE
added 5 days ago | 69 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 5 days ago | 7 views

PT-2026-53745

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

CVSS 6.5 | AI score 5.8 | EPSS 0.00383
Exploits: 0 | References: 6

AstraLinux
added 2026/06/19 11:10 a.m. | 13 views

Astra Linux – Vulnerability in Tomcat9

Improper handling of case sensitivity vulnerability in Apache Tomcat’s CGI servlet allows bypassing security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through...

CVSS 7.3 | AI score 7.2 | EPSS 0.02608
Exploits: 1 | References: 2

OSV
added 2026/06/11 4:9 p.m. | 4 views

SUSE-SU-2026:2377-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

CVSS 9.8 | AI score 5.6 | EPSS 0.01339
Exploits: 2 | References: 15

SUSE Linux
added 2026/06/11 3:34 p.m. | 6 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

CVSS 8.7 | AI score 6.6 | EPSS 0.01339
Exploits: 2 | References: 28

AstraLinux
added 2026/05/20 5:53 a.m. | 13 views

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat has a Relative Path Traversal vulnerability. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before being decoded. This created the possibility that, for rewrite rules that modify query parameters into the URL, an attacker could manipulate the...

CVSS 7.5 | AI score 7.3 | EPSS 0.66535
Exploits: 4 | References: 2

OSV
added 2026/05/15 6:17 a.m. | 9 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | References: 10

OSV
added 2026/05/12 6:30 p.m. | 6 views

GHSA-5M62-PW8W-7W9F Apache Tomcat - Security constraints not correctly applied

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the...

CVSS 9.1 | AI score 5.8 | EPSS 0.01136
Exploits: 1 | References: 10

Snyk
added 2026/05/12 5:22 p.m. | 13 views

Improper Authorization

Overview tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the...

CVSS 9.1 | AI score 5.8 | EPSS 0.01136
Exploits: 1 | References: 2

Snyk
added 2026/05/12 5:22 p.m. | 13 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the same...

CVSS 9.1 | AI score 5.8 | EPSS 0.01136
Exploits: 1 | References: 2

Snyk
added 2026/05/12 5:22 p.m. | 14 views

Improper Authorization

Overview org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the same extension. An...

CVSS 9.1 | AI score 5.8 | EPSS 0.01136
Exploits: 1 | References: 2

Apache Tomcat
added 2026/05/11 12:0 a.m. | 10 views

Fixed in Apache Tomcat 10.1.55

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit c6213173. This issue was reported to the Tomcat securit...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | Affected Software: 1

Apache Tomcat
added 2026/05/10 12:0 a.m. | 9 views

Fixed in Apache Tomcat 9.0.118

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit db919ff9. This issue was reported to the Tomcat securit...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | Affected Software: 1

Apache Tomcat
added 2026/05/05 12:0 a.m. | 9 views

Fixed in Apache Tomcat 11.0.22

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commits 276087d9 and 06597486. This issue was reported to the...

CVSS 9.8 | AI score 5.8 | EPSS 0.01339
Exploits: 2 | Affected Software: 1

RedHat Linux
added 2026/04/30 2:2 p.m. | 13 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

CVSS 6.5 | AI score 7.2 | EPSS 0.00494
Exploits: 0 | References: 5