Apache

Tomcat

263 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.26%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 14:00:19

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version...

Medienbericht
  • EPSS 0.72%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 13:22:28

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52...

Medienbericht
  • EPSS 5.04%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 09.07.2026 13:16:55

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100,...

  • EPSS 0.31%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 12:47:51

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended t...

  • EPSS 0.46%
  • Veröffentlicht 09.04.2026 20:16:24
  • Zuletzt bearbeitet 14.04.2026 12:46:39

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are rec...

Medienbericht
  • EPSS 0.5%
  • Veröffentlicht 17.02.2026 18:53:12
  • Zuletzt bearbeitet 30.06.2026 03:17:38

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response whic...

  • EPSS 0.49%
  • Veröffentlicht 17.02.2026 18:50:43
  • Zuletzt bearbeitet 11.03.2026 16:16:29

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constrai...

  • EPSS 0.24%
  • Veröffentlicht 17.02.2026 18:48:30
  • Zuletzt bearbeitet 11.03.2026 16:16:20

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known...

Exploit
  • EPSS 0.96%
  • Veröffentlicht 07.11.2025 00:00:00
  • Zuletzt bearbeitet 08.12.2025 16:10:04

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter t...

  • EPSS 1.14%
  • Veröffentlicht 27.10.2025 17:30:28
  • Zuletzt bearbeitet 12.05.2026 13:17:23

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediate...