211 matches found
GHSA-4J3C-42XV-3F84 vulnerabilities
Vulnerabilities for packages: tomcat...
Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.
Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.4. Vulnerability Details CVEID:CVE-2026-41284 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M...
Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Netty, Picomatch . Vulnerabilities include stack-based buffer overflow, improper encoding or escaping of output, deserialization of untrusted data, improper restriction of operations within the bounds of a memo...
USN-8450-1: Tomcat vulnerabilities
It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validat...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...
Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), URL Redirection to Untrusted Site ('Open Redirect'), and 3 more (CVE-2026-24880, CVE-2026-25854, and 3 more)
Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24880, CVE-2026-25854, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTIO...
TencentOS Server 4: tomcat (TSSA-2026:0337)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0337 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-8383-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8383-1 advisory. It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass...
Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance
Summary The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-31651,CVE-2025-55752 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...
RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.2.3 (RHSA-2026:20405)
The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20405 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised ...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update
Red Hat JBoss Web Server 6.2.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update
Red Hat JBoss Web Server 6.2.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1672 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...
Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1673)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1673 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...
RHEL 10 : tomcat (RHSA-2026:18537)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18537 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...
RHEL 9 : tomcat (RHSA-2026:18916)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18916 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...
Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1
Summary Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1 Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on...
Apache Tomcat 9.0.0.M1 < 9.0.118 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.118. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.118security-9 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. Th...
KLA91043 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Security vulnerability can be exploited to bypass security...
Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat. Vulnerabilities include Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token and...