12460 matches found
Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance
Summary The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-31651,CVE-2025-55752 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...
Apache Tomcat - HTTP Request Smuggling
Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...
Apache Tomcat - Cross-Site Scripting
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be prese...
Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access. id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 -...
Apache Tomcat Examples Web Application - Cross-Site Scripting
Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. id: CVE-2007-2449 info: name: Apache Tomcat 4.x-7.x - Cross-Site Scripting author:...
RockyLinux 10 : tomcat (RLSA-2026:19054)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...
RockyLinux 10 : tomcat (RLSA-2026:18537)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18537 advisory. tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session...
USN-8369-1: Apache Tomcat Connectors vulnerability
It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...
ROOT-APP-MAVEN-CVE-2025-55752 CVE-2025-55752 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-55752 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-43515 CVE-2026-43515 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-43515 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-43513 CVE-2026-43513 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-43513 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-31650 CVE-2025-31650 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2025-31650 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-61795 CVE-2025-61795 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-61795 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-34487 CVE-2026-34487 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-34487 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-31651 CVE-2025-31651 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Root has patched CVE-2025-31651 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-43512 CVE-2026-43512 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-43512 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-42498 CVE-2026-42498 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Root has patched CVE-2026-42498 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available...