Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 1.23%
  • Veröffentlicht 12.05.2026 15:24:02
  • Zuletzt bearbeitet 15.05.2026 15:54:37

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5...

Medienbericht
  • EPSS 1.34%
  • Veröffentlicht 12.05.2026 15:19:35
  • Zuletzt bearbeitet 15.05.2026 15:57:18

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions...

  • EPSS 0.55%
  • Veröffentlicht 12.05.2026 15:17:56
  • Zuletzt bearbeitet 14.05.2026 18:51:59

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, ...

  • EPSS 0.78%
  • Veröffentlicht 12.05.2026 15:14:45
  • Zuletzt bearbeitet 14.05.2026 18:59:48

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may als...

Exploit
  • EPSS 0.56%
  • Veröffentlicht 05.05.2026 22:16:00
  • Zuletzt bearbeitet 12.05.2026 16:18:14

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResources...

Medienbericht
  • EPSS 15.83%
  • Veröffentlicht 09.04.2026 20:16:25
  • Zuletzt bearbeitet 09.07.2026 13:17:00

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to ve...

  • EPSS 0.45%
  • Veröffentlicht 09.04.2026 20:16:25
  • Zuletzt bearbeitet 14.04.2026 12:44:45

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 th...

  • EPSS 0.47%
  • Veröffentlicht 09.04.2026 20:16:25
  • Zuletzt bearbeitet 14.04.2026 12:43:28

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through...

  • EPSS 0.45%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 20:02:48

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0...

  • EPSS 0.53%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 14:01:07

Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...