263 matches found
CVE-2001-0917
The CVE-2001-0917 entry concerns Apache Tomcat 4.0.1. The provided materials confirm an information-disclosure vulnerability where remote attackers can reveal the full install path of Tomcat by requesting a long URL that ends with a .JSP extension. The issue is tied to path disclosure via crafted...
CVE-2002-0935
The CVE-2002-0935 issue affects Apache Tomcat 4.0.3 and possibly earlier 4.1.3 beta; it enables remote denial of service through a flood of requests containing null characters, causing server threads to hang due to resource exhaustion. The vulnerability targets the HTTP request handling path, lea...
CVE-2005-4703
CVE-2005-4703 affects Apache Tomcat 4.0.3 on Windows. When a request targets a file whose name matches an MS-DOS device name (e.g., lpt9), the server may disclose the pathname in an error message (demonstrated by lpt9.xtp, e.g., via Nikto). Root cause: improper handling of MS-DOS device names lea...
CVE-2002-1895
The vulnerability CVE-2002-1895 affects the Tomcat servlet engine in versions 3.3 and 4.0.4 when used with IIS and the ajp1.3 connector. Affected component: servlet engine; issue: remote attackers can trigger a denial of service (crash) by issuing a large sequence of HTTP GET requests for MS-DOS ...
CVE-2002-2009
Affected software: Apache Tomcat 4.0.1. Vulnerability: Information disclosure where remote attackers can obtain the web root/pathname by triggering error pages for JSP requests that use a leading sequence (+/, >/,
CVE-2026-29129
CVE-2026-29129 is a vulnerability in Apache Tomcat where the configured cipher preference order is not preserved. It affects Tomcat versions 11.0.16–11.0.18, 10.1.51–10.1.52, and 9.0.114–9.0.115, per multiple sources (NVD, Debian security advisories, EUVD). The issue can impact confidentiality (C...
CVE-2026-34483
CVE-2026-34483 is an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. Affected versions: Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. Exploitation concerns are not detailed in the provided docum...
CVE-2026-34500
CVE-2026-34500 affects Apache Tomcat, where CLIENT_CERT authentication may bypass non-failing behavior in scenarios with soft fail disabled and FFM . Affected versions are: Tomcat 11.0.0-M14 through 11.0.20, 10.1.22 through 10.1.53, and 9.0.92 through 9.0.116. The issue is resolved by upgrading t...
CVE-2026-24880
CVE-2026-24880 describes an HTTP Request/Response Smuggling vulnerability in Apache Tomcat caused by inconsistent interpretation of HTTP requests via invalid chunk extension. Affected products include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 thr...
CVE-2026-24733
CVE-2026-24733 describes an Improper Input Validation in Apache Tomcat where HTTP/0.9 HEAD requests can bypass security constraints intended for GET. Affected: Apache Tomcat 11.0.0-M1–11.0.14, 10.1.0-M1–10.1.49, 9.0.0.M1–9.0.112 (plus older EOL as noted). The root cause is failure to restrict HTT...
CVE-2026-32990
CVE-2026-32990 is an Apache Tomcat vulnerability caused by an incomplete fix of CVE-2025-66614 (improper input validation). Affected are Tomcat 11.0.15–11.0.19, 10.1.50–10.1.52, and 9.0.113–9.0.115. Upgrading to fixed releases 11.0.20, 10.1.53, or 9.0.116 is recommended. Other connected advisorie...
CVE-2026-34487
CVE-2026-34487 : Apache Tomcat contains an information disclosure vulnerability titled “Insertion of Sensitive Information into Log File” in the cloud membership for the clustering component, exposing the Kubernetes bearer token. Affected versions include Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-...
CVE-2026-59084
CVE-2026-59084 affects Apache Tomcat across multiple branches (11.x, 10.x, 9.x, 8.x, 7.x) where EncryptInterceptor configuration requirements were not clearly documented, per NVD and related sources. Root cause: insufficient technical documentation for EncryptInterceptor configuration. Impact sta...