Lucene search
K

65 matches found

Cvelist
Cvelist
added yesterday11 views

CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

0.00156EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2026/06/29 12:0 a.m.8 views

tomcat security update

1:9.0.117-1 - Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering component exposed the Kubernet...

9.6CVSS7.2AI score0.21691EPSS
Exploits9
RedHat Linux
RedHat Linux
added 2026/05/19 9:22 a.m.12 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS7.3AI score0.02736EPSS
Exploits1References5
OSV
OSV
added 2026/02/17 9:31 p.m.6 views

GHSA-QQ5R-98HH-RXC9 Apache Tomcat - Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

6.9CVSS7.2AI score0.00494EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/02/17 6:50 p.m.2 views

CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

5.8AI score0.00494EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/16 10:0 p.m.7 views

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization in prepareRequestProtocol, which accepts HTTP/0.9 requests other than GET. A security constraint configured to allow HEAD requests to a UR...

6.5CVSS5.6AI score0.00494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/16 6:57 p.m.4 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS5.7AI score0.02736EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 4 : tomcat6-6.0.24-48.AXS4 (AXSA:2013-27:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-27:01 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet...

4.3CVSS7.1AI score0.11975EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.6 views

RockyLinux 10 : tomcat (RLSA-2025:14179)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:14179 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

7.5CVSS7.6AI score0.64718EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-16411

Malicious code in bioql PyPI...

7.3CVSS7.8AI score0.02736EPSS
Exploits1References12
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.7 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

7.5CVSS7.7AI score0.64718EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.7 views

Oracle Linux 9 : tomcat (ELSA-2025-14181)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14181 advisory. - Resolves: RHEL-102200 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108491 tomcat: Apache...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:40 p.m.8 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7AI score0.64718EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:40 p.m.3 views

tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

A flaw has been discovered in path handling logic in Apache Tomcat. When using either PreResources or PostResources mounted on a non-root path, it is possible to access resources via an unexpected path. This may result in leaking of files on those paths...

7.5CVSS7.1AI score0.03163EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/08/20 3:37 p.m.16 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7AI score0.64718EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/08/20 3:36 p.m.13 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7AI score0.64718EPSS
Exploits1References7
OSV
OSV
added 2025/08/20 12:0 a.m.8 views

ALSA-2025:14177 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

7.5CVSS7.3AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

RHEL 10 : tomcat9 (RHSA-2025:14178)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14178 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages...

7.5CVSS7.8AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

RHEL 8 : tomcat (RHSA-2025:14177)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

RHEL 9 : tomcat (RHSA-2025:14183)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References16
Rows per page
Query Builder