10 matches found
CVE-2026-40075
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...
CVE-2026-34500
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
CVE-2026-29145
CVE-2026-29145 describes an authentication bypass in Apache Tomcat mutual TLS (CLIENT_CERT) when OCSP soft-fail is disabled. Affected are Tomcat 11.0.0-M1–11.0.18, 10.1.0-M7–10.1.52, and 9.0.83–9.0.115, plus Tomcat Native 1.1.23–1.1.34, 1.2.0–1.2.39, 1.3.0–1.3.6, and 2.0.0–2.0.13. With OCSP failu...
K000156952: Apache Tomcat vulnerability CVE-2025-55668
Security Advisory Description Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgra...
Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986121)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986121 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1166)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1166 advisory. Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 – Apache Tomcat RCE Exploit Descrição ---------...
Linux Distros Unpatched Vulnerability : CVE-2025-53506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum...
OESA-2021-1075 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...