GHSA-7JQF-V358-P8G7 vulnerabilities
Vulnerabilities for packages: tomcat...
CVE-2025-53506 vulnerabilities
Vulnerabilities for packages: tomcat...
Updated tomcat packages fix security vulnerabilities
FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...
MGASA-2025-0191 Updated tomcat packages fix security vulnerabilities
FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...
Ubuntu: Security Advisory (USN-7562-1)
The remote host is missing an update for the...
Updated tomcat packages fix security vulnerability
Security constraint bypass for CGI scripts. CVE-2025-46701...
MGASA-2025-0177 Updated tomcat packages fix security vulnerability
Security constraint bypass for CGI scripts. CVE-2025-46701...
MGASA-2025-0145 Updated tomcat packages fix security vulnerabilities
DoS via malformed HTTP/2 PRIORITY_UPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...
Updated tomcat packages fix security vulnerabilities
DoS via malformed HTTP/2 PRIORITY_UPDATE frame. CVE-2025-31650 Bypass of rules in Rewrite Valve. CVE-2025-31651...
Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...
MGASA-2024-0394 Updated tomcat packages fix security vulnerabilities
RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...
MGASA-2024-0379 Updated tomcat packages fix security vulnerabilities
Authentication bypass when using Jakarta Authentication API. CVE-2024-52316 Incorrect JSP tag recycling leads to XSS. CVE-2024-52318...
MGASA-2024-0267 Updated tomcat packages fix security vulnerability
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...
MGASA-2024-0090 Updated tomcat packages fix security vulnerabilities
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...
NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Multiple Vulnerabilities (NS-SA-2021-0144)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...
MGASA-2021-0072 Updated tomcat packages fix a security vulnerability
When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath which in turn was caused by the...
MGASA-2020-0397 Updated tomcat packages fix a security vulnerability
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than t...
MGASA-2019-0260 Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
MGASA-2018-0479 Updated tomcat packages fix security vulnerabilities
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service (CVE-2018-1336). The default settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that user...