167 matches found
RHEL 9 : tomcat (RHSA-2025:14183)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...
ALSA-2025:14177 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...
RHEL 10 : tomcat9 (RHSA-2025:14178)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14178 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages...
RHEL 8 : tomcat (RHSA-2025:14177)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...
Oracle Linux 8 : tomcat (ELSA-2025-14177)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14177 advisory. - Resolves: RHEL-102193 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108486 tomcat: Apache...
K000152592: Apache Tomcat vulnerability CVE-2025-46701
Security Advisory Description Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1...
BIT-TOMCAT-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0 through 11.0.6, from 10.1.0 through...
CLSA-2025-1752087582 Fix CVE(s): CVE-2025-31651
SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...
MGASA-2025-0191 Updated tomcat packages fix security vulnerabilities
FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...
Updated tomcat packages fix security vulnerabilities
FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1031)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1031 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...
Medium: tomcat10
Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-019)
The version of tomcat installed on the remote host is prior to 9.0.105-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-019 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of...
SUSE CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...
Apache Tomcat Multiple Vulnerabilities (Jun 2025) - Windows
Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...
Apache Tomcat Multiple Vulnerabilities (Jun 2025) - Linux
Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...
Apache Tomcat - Security constraint bypass for pre/post-resources
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...
CVE-2025-49125
CVE-2025-49125 describes an Authentication Bypass via an Alternate Path or Channel in Apache Tomcat. Affected: Tomcat 11.0.0-M1–11.0.7, 10.1.0-M1–10.1.41, 9.0.0.M1–9.0.105; EOL versions (e.g., 8.5.x) may also be affected. Upstream fix advised: upgrade to Tomcat 11.0.8, 10.1.42 or 9.0.106. The CVS...
CVE-2025-49125 Apache Tomcat: Security constraint bypass for pre/post-resources
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...
Mageia: Security Advisory (MGASA-2025-0177)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...