Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

Apache Tomcat 11.0.0.M1 < 11.0.22 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.22. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.22security-11 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat...

Astra Linux - уязвимость в tomcat9

In some unusual configurations of multipart uploads, an Integer Overflow vulnerability in Apache Tomcat can lead to a Denial-of-Service attack by bypassing size limits. This issue affects Apache Tomcat versions as follows: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, and from...

Astra Linux – Vulnerability in Tomcat9

The vulnerability involving the insertion of sensitive information into log files in the cloud membership of the clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, and...

Medium: tomcat-native

Issue Overview: CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115;...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2026:1572-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1572-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-014270)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014270 advisory. Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Nativ...

Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.117security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

Advisory ROSA-SA-2026-3215

software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-15 affected versions tomcat-9.0.37-15 CVE-ID: CVE-2025-55752 BDU-ID: 2025-13742 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability involves relative path traversal. Exploitation of the...

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass due ...

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20350-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20350-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...

Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...

SUSE-SU-2026:0890-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

OPENSUSE-SU-2026:20350-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

OPENSUSE-SU-2026:10305-1 tomcat-9.0.115-1.1 on GA media

These are all security issues fixed in the tomcat-9.0.115-1.1 package on the GA media of openSUSE Tumbleweed...

Apache Tomcat 10.1.0.M7 < 10.1.52

The version of Tomcat installed on the remote host is prior to 10.1.52. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.52security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...

Apache Tomcat 9.0.83 < 9.0.115

The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...

GHSA-FPJ8-GQ4V-P354 Apache Tomcat - Client certificate verification bypass

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

MiracleLinux 7 : tomcat-7.0.76-16.0.1.el7.AXS7 (AXSA:2024-8731:12)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8731:12 advisory. Fix file path bug introduced by the CVE-2021-25329 fix CVEs: CVE-2021-25329 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to...