12628 matches found
CVE-2026-49975 – HTTP/2 Denial of Service Vulnerability
Status: EPMM unaffected. Summary: CVE-2026-49975 is a denial-of-service (DoS) vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...
Apache Tomcat - Cross-Site Scripting
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user-provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be prese...
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension; exploitation requires remote access. id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 -...
Apache Tomcat Examples Web Application - Cross-Site Scripting
Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting vulnerability caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...
Apache Tomcat Remote Command Execution
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.55: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc1265162). CVE-2026-41293: HTTP/2 request headers not validated (bsc1265163). CVE-2026-42498: WebSocket authentication header exposure (bsc1265165)...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc1265162). CVE-2026-41293: HTTP/2 request headers not validated (bsc1265163). CVE-2026-42498: WebSocket authentication header exposure (bsc1265165)...
ROOT-APP-MAVEN-CVE-2025-31650 CVE-2025-31650 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2025-31650 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-55752 CVE-2025-55752 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-55752 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-31651 CVE-2025-31651 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-31651 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-49124 CVE-2025-49124 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-49124 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-66614 CVE-2025-66614 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-66614 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-44487 CVE-2023-44487 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2023-44487 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-23672 CVE-2024-23672 in io.root.org.apache.tomcat.embed:tomcat-embed-websocket - Patched by Root
Root has patched CVE-2024-23672 in the io.root.org.apache.tomcat.embed:tomcat-embed-websocket package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-46589 CVE-2023-46589 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2023-46589 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-24998 CVE-2023-24998 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2023-24998 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2021-25122 CVE-2021-25122 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2021-25122 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-34750 CVE-2024-34750 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2024-34750 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...