Lucene search
K
ApacheTomcat

261 matches found

CVE
CVE
added 2006/02/01 8:0 p.m.54 views

CVE-2005-4703

CVE-2005-4703 affects Apache Tomcat 4.0.3 on Windows. When a request targets a file whose name matches an MS-DOS device name (e.g., lpt9), the server may disclose the pathname in an error message (demonstrated by lpt9.xtp, e.g., via Nikto). Root cause: improper handling of MS-DOS device names lea...

5CVSS6.1AI score0.25132EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.50 views

CVE-2002-2009

Affected software: Apache Tomcat 4.0.1. Vulnerability: Information disclosure where remote attackers can obtain the web root/pathname by triggering error pages for JSP requests that use a leading sequence (+/, >/,

5CVSS6.7AI score0.07314EPSS
CVE
CVE
added 2026/04/09 7:35 p.m.50 views

CVE-2026-34486

CVE-2026-34486 is a Tomcat Tribes EncryptInterceptor regression: when decryption fails, the code path previously moved super.messageReceived(msg) outside the try block, causing raw serialized bytes to bypass encryption and reach deserialization, enabling unauthenticated RCE via Java deserializati...

7.5CVSS5.8AI score0.21691EPSS
CVE
CVE
added 2026/05/12 3:26 p.m.49 views

CVE-2026-43513

CVE-2026-43513 : Apache Tomcat has an improper handling of case sensitivity in LockOutRealm. Affects Tomcat 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 (older unsupported versions may also be affected). Upgrading...

7.5CVSS5.7AI score0.00467EPSS
CVE
CVE
added 2026/04/09 7:12 p.m.46 views

CVE-2026-24880

CVE-2026-24880 describes an HTTP Request/Response Smuggling vulnerability in Apache Tomcat caused by inconsistent interpretation of HTTP requests via invalid chunk extension. Affected products include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 thr...

7.5CVSS5.8AI score0.00453EPSS
CVE
CVE
added 2026/04/09 7:19 p.m.46 views

CVE-2026-29129

CVE-2026-29129 is a vulnerability in Apache Tomcat where the configured cipher preference order is not preserved. It affects Tomcat versions 11.0.16–11.0.18, 10.1.51–10.1.52, and 9.0.114–9.0.115, per multiple sources (NVD, Debian security advisories, EUVD). The issue can impact confidentiality (C...

7.5CVSS5.8AI score0.00259EPSS
CVE
CVE
added 2026/04/09 7:30 p.m.46 views

CVE-2026-34483

CVE-2026-34483 is an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. Affected versions: Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. Exploitation concerns are not detailed in the provided docum...

7.5CVSS5.8AI score0.00461EPSS
CVE
CVE
added 2026/04/09 7:36 p.m.44 views

CVE-2026-34500

CVE-2026-34500 affects Apache Tomcat, where CLIENT_CERT authentication may bypass non-failing behavior in scenarios with soft fail disabled and FFM . Affected versions are: Tomcat 11.0.0-M14 through 11.0.20, 10.1.22 through 10.1.53, and 9.0.92 through 9.0.116. The issue is resolved by upgrading t...

6.5CVSS5.8AI score0.00469EPSS
CVE
CVE
added 2026/02/17 6:50 p.m.40 views

CVE-2026-24733

CVE-2026-24733 describes an Improper Input Validation in Apache Tomcat where HTTP/0.9 HEAD requests can bypass security constraints intended for GET. Affected: Apache Tomcat 11.0.0-M1–11.0.14, 10.1.0-M1–10.1.49, 9.0.0.M1–9.0.112 (plus older EOL as noted). The root cause is failure to restrict HTT...

6.5CVSS5.5AI score0.00494EPSS
CVE
CVE
added 2026/04/09 7:23 p.m.31 views

CVE-2026-32990

CVE-2026-32990 is an Apache Tomcat vulnerability caused by an incomplete fix of CVE-2025-66614 (improper input validation). Affected are Tomcat 11.0.15–11.0.19, 10.1.50–10.1.52, and 9.0.113–9.0.115. Upgrading to fixed releases 11.0.20, 10.1.53, or 9.0.116 is recommended. Other connected advisorie...

5.3CVSS6.6AI score0.00307EPSS
CVE
CVE
added 2026/04/09 7:36 p.m.23 views

CVE-2026-34487

CVE-2026-34487 : Apache Tomcat contains an information disclosure vulnerability titled “Insertion of Sensitive Information into Log File” in the cloud membership for the clustering component, exposing the Kubernetes bearer token. Affected versions include Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-...

7.5CVSS5.8AI score0.00447EPSS
Total number of security vulnerabilities261