4 matches found
CLSA-2026-1778130778 tomcat: Fix of 2 CVEs
CVE-2025-48988: limit number and header size of multipart parts; CVE-2025-52520: use Math.addExact and long postSize to prevent overflow bypass of maxPostSize during multipart upload...
CLSA-2026-1774859936 tomcat: Fix of CVE-2026-24733
CVE-2026-24733: limit HTTP/0.9 requests to GET method only...
CLSA-2025-1750785145 tomcat: Fix of CVE-2025-31651
CVE-2025-31651: enforce rewrite rules to prevent bypass of security constraints in specific configurations...
tomcat: incomplete fix for CVE-2012-3544
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by...