Apache Tomcat 11.0.15 < 11.0.20 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.20security-11 advisory. - Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the...

Apache Tomcat 11.0.0.M1 < 11.0.15 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 11.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.15security-11 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...

UBUNTU-CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

Improper Authorization

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authorization in prepareRequestProtocol, which accepts HTTP/0.9 requests other than GET. A security constraint configured to allow HEAD requests to a UR...

BIT-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values toexceed their size limit. MetaDataBuilder.java determines if a...

Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVE-2023-36478 HTTP/2 HPACK integer overflow and buffer allocation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

Eclipse Jetty OpenID Vulnerability (GHSA-pwh8-58vv-vw48) - Linux

Eclipse Jetty is prone to a vulnerability in OpenIdAuthenticator. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

Eclipse Jetty CgiServlet Vulnerability (GHSA-3gh6-v5v9-6v9j) - Windows

Eclipse Jetty is prone to a vulnerability in the CgiServlet. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...