Lucene search
+L

164 matches found

OSV
OSV
added 2026/04/09 8:16 p.m.11 views

UBUNTU-CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/04/09 7:20 p.m.38 views

CVE-2026-29145 Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

0.00715EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/09 7:20 p.m.3 views

CVE-2026-29145 Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

5.8AI score0.00715EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2026/04/09 7:20 p.m.5 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.3AI score0.00715EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:20 p.m.6 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

5.8AI score0.00715EPSS
Exploits2References2Affected Software2
Apache Tomcat
Apache Tomcat
added 2026/04/09 7:20 p.m.8 views

Fixed in Apache Tomcat Native Connector 2.0.14 / 1.3.7

Moderate: OCSP checks sometimes soft-fail even when soft-fail is disabled CVE-2026-29145 CLIENTCERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. This was fixed with commit bcea0ac2 2.0.x and 204f7f8a 1.3.x. This issue was reported to the Tomc...

9.1CVSS5.8AI score0.00715EPSS
Exploits2Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/09 7:20 p.m.9 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Apache Tomcat和Apache Tomcat Native 安全漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat client certificate has a validation flaw vulnerability, the vulnerability is due to allow revoked certificate/test...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References1
Amazon
Amazon
added 2026/03/27 12:0 a.m.7 views

Important: tomcat10

Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...

9.1CVSS6.9AI score0.00498EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/25 4:44 p.m.7 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-31699

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 9.0.83 through 9.0.115 Apache Tomcat versions 10.1.0-M7 through 10.1.52 Apache Tomcat versions 11.0.0-M1 through 11.0.18 Apache Tomcat Native versions 1.1.23 through 1.1.34 Apache Tomcat Native versions 1.2.0 through...

9.8CVSS5.8AI score0.21691EPSS
Exploits8References136
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.18 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-024 (ALASTOMCAT9-2026-024)

The version of tomcat installed on the remote host is prior to 9.0.115-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2026-024 advisory. mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from...

9.1CVSS7AI score0.00498EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/03/12 5:39 a.m.14 views

Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...

8.7CVSS7.1AI score0.00498EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/03/06 9:4 p.m.3 views

Astra Linux - уязвимость в tomcat9

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5CVSS5.8AI score0.00498EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 9:53 a.m.4 views

BIT-TOMCAT-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

7.5CVSS5.7AI score0.00498EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/02/19 12:25 a.m.4 views

SUSE CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

6.8CVSS5.7AI score0.00498EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/02/18 4:16 p.m.4 views

CVE-2026-24734

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS5.5AI score0.00498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.5 views

Apache Tomcat 11.0.0.M1 < 11.0.18

The version of Tomcat installed on the remote host is prior to 11.0.18. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.18security-11 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat...

7.5CVSS6.7AI score0.00498EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.6 views

Apache Tomcat 10.1.0.M7 < 10.1.52

The version of Tomcat installed on the remote host is prior to 10.1.52. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.52security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
Rows per page
Query Builder