Lucene search
K

167 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

RHEL 9 : tomcat (RHSA-2025:14183)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14183 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References16
OSV
OSV
added 2025/08/20 12:0 a.m.8 views

ALSA-2025:14177 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...

7.5CVSS7.3AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

RHEL 10 : tomcat9 (RHSA-2025:14178)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14178 advisory. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages...

7.5CVSS7.8AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

RHEL 8 : tomcat (RHSA-2025:14177)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14177 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS ...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Oracle Linux 8 : tomcat (ELSA-2025-14177)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14177 advisory. - Resolves: RHEL-102193 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames CVE-2025-48989 - Resolves: RHEL-108486 tomcat: Apache...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References8
F5 Networks
F5 Networks
added 2025/07/16 9:14 a.m.11 views

K000152592: Apache Tomcat vulnerability CVE-2025-46701

Security Advisory Description Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1...

7.3CVSS7.8AI score0.02736EPSS
Exploits1
OSV
OSV
added 2025/07/10 10:47 a.m.17 views

BIT-TOMCAT-2025-46701 Apache Tomcat: Security constraint bypass for CGI scripts

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0 through 11.0.6, from 10.1.0 through...

7.3CVSS7.2AI score0.02736EPSS
Exploits1References4
OSV
OSV
added 2025/07/09 6:59 p.m.8 views

CLSA-2025-1752087582 Fix CVE(s): CVE-2025-31651

SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651...

9.8CVSS7AI score0.0418EPSS
Exploits1References1
OSV
OSV
added 2025/06/25 5:31 a.m.8 views

MGASA-2025-0191 Updated tomcat packages fix security vulnerabilities

FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...

7.5CVSS7.2AI score0.54877EPSS
Exploits1References4
Mageia
Mageia
added 2025/06/25 5:31 a.m.15 views

Updated tomcat packages fix security vulnerabilities

FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...

7.5CVSS7.4AI score0.54877EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/06/23 12:0 a.m.10 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1031)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1031 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the...

7.3CVSS8.3AI score0.02736EPSS
Exploits1References4
Amazon
Amazon
added 2025/06/23 12:0 a.m.8 views

Medium: tomcat10

Issue Overview: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, fr...

7.3CVSS9.8AI score0.02736EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/06/23 12:0 a.m.10 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-019)

The version of tomcat installed on the remote host is prior to 9.0.105-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-019 advisory. Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of...

7.3CVSS8.4AI score0.02736EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/06/17 2:18 a.m.5 views

SUSE CVE-2025-49125

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...

7.4CVSS7.6AI score0.03163EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2025/06/17 12:0 a.m.10 views

Apache Tomcat Multiple Vulnerabilities (Jun 2025) - Windows

Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...

7.5CVSS7.8AI score0.64718EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2025/06/17 12:0 a.m.12 views

Apache Tomcat Multiple Vulnerabilities (Jun 2025) - Linux

Apache Tomcat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if descriptio...

7.5CVSS7.8AI score0.64718EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/06/16 3:32 p.m.15 views

Apache Tomcat - Security constraint bypass for pre/post-resources

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...

7.5CVSS7.5AI score0.03163EPSS
Exploits0References11Affected Software2
CVE
CVE
added 2025/06/16 2:18 p.m.320 views

CVE-2025-49125

CVE-2025-49125 describes an Authentication Bypass via an Alternate Path or Channel in Apache Tomcat. Affected: Tomcat 11.0.0-M1–11.0.7, 10.1.0-M1–10.1.41, 9.0.0.M1–9.0.105; EOL versions (e.g., 8.5.x) may also be affected. Upstream fix advised: upgrade to Tomcat 11.0.8, 10.1.42 or 9.0.106. The CVS...

7.5CVSS7.6AI score0.03163EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/06/16 2:18 p.m.35 views

CVE-2025-49125 Apache Tomcat: Security constraint bypass for pre/post-resources

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by th...

0.03163EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/06/12 12:0 a.m.10 views

Mageia: Security Advisory (MGASA-2025-0177)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3CVSS7.5AI score0.02736EPSS
Exploits1References4
Rows per page
Query Builder