6 matches found
SUSE-SU-2026:2675-1 Security update for tomcat
This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...
Advisory ROSA-SA-2026-3215
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-15 affected versions tomcat-9.0.37-15 CVE-ID: CVE-2025-55752 BDU-ID: 2025-13742 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability involves relative path traversal. Exploitation of the...
MiracleLinux 8 : tomcat-9.0.87-1.el8_10.4 (AXSA:2025-10519:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10519:03 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP...
OPENSUSE-SU-2025:15716-1 tomcat-9.0.111-1.1 on GA media
These are all security issues fixed in the tomcat-9.0.111-1.1 package on the GA media of openSUSE Tumbleweed...
Advisory ROSA-SA-2025-3033
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-14 affected versions tomcat-9.0.37-14 CVE-ID: CVE-2025-48989 BDU-ID: 2025-09899 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP2 handler of the Apache Tomcat application server is related to incorrect resource...
UBUNTU-CVE-2017-7674
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...