Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52591

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...

7.5CVSS5.7AI score0.0021EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.9 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS7AI score0.00235EPSS
Exploits0References5
OSV
OSV
added 2026/03/25 5:35 p.m.8 views

CLSA-2026-1774460133 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: client certificate authentication bypass through mismatched SNI and HTTP Host header - debian/patches/CVE-2025-66614.patch: Add strictSNI connector attribute and implement SNI/protocol host name matching for NIO, NIO2, and APR connectors; prevent requests being served by mismatch...

9.1CVSS6.8AI score0.00235EPSS
Exploits0References1
Amazon
Amazon
added 2026/03/19 12:0 a.m.7 views

Important: tomcat

Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1CVSS7.5AI score0.00498EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through...

9.1CVSS6.7AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 7:21 p.m.15 views

UBUNTU-CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1CVSS7.1AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 6:48 p.m.8 views

CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

7.6CVSS6.7AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder