Vulnerability-Lookup

WID-SEC-W-2026-0443

Vulnerability from csaf_certbund - Published: 2026-02-17 23:00 - Updated: 2026-04-09 22:00

Summary

Apache Tomcat und Tomcat Native: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat und Tomcat Native ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-66614

CVE-2026-24733

CVE-2026-24734

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://lists.apache.org/thread/vw6lxtlh2qbqwpb61…	external
	https://lists.apache.org/thread/6xk3t65qpn1myp618…	external
	https://lists.apache.org/thread/292dlmx3fz1888v6v…	external
	https://tomcat.apache.org/security-9.html#Fixed_i…	external
	https://tomcat.apache.org/security-10.html#Fixed_…	external
	https://tomcat.apache.org/security-11.html#Fixed_…	external
	https://docs.camunda.org/security/notices/	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://alas.aws.amazon.com/AL2/ALAS2-2026-3204.html	external
	https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2026…	external
	https://www.dell.com/support/kbdoc/de-de/00044324…	external
	https://access.redhat.com/errata/RHSA-2026:5612	external
	https://access.redhat.com/errata/RHSA-2026:5611	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://www.ibm.com/support/pages/node/7268151	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat und Tomcat Native ausnutzen, um Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0443 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0443.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0443 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0443"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat Mailing List CVE-2025-66614 vom 2026-02-17",
        "url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat Mailing List CVE-2026-24733 vom 2026-02-17",
        "url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat Mailing List CVE-2026-24734 vom 2026-02-17",
        "url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat 9.0.115",
        "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat 10.1.52",
        "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52"
      },
      {
        "category": "external",
        "summary": "Apache Tomcat 11.0.18",
        "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18"
      },
      {
        "category": "external",
        "summary": "Camunda Security Notices vom 2026-02-26",
        "url": "https://docs.camunda.org/security/notices/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10305-1 vom 2026-03-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G27HXAIMRCGPRM6GBYQX7NUKNQS4RLJ4/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10307-1 vom 2026-03-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DI2B4CHVEHCV42Y64TNRTKC3DZRUL63R/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0877-1 vom 2026-03-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024680.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20350-1 vom 2026-03-14",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/26HRZCSTOT44GYSEA322WDI5BHW57STW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0890-1 vom 2026-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024692.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0922-1 vom 2026-03-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024713.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0932-1 vom 2026-03-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024774.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3204 vom 2026-03-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3204.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2026-024 vom 2026-03-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2026-024.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
        "url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:5612 vom 2026-03-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:5612"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:5611 vom 2026-03-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:5611"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20414-1 vom 2026-03-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LB2542BJGVWLFAZIJRQ3IGU7QR6LF3SF/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7268151 vom 2026-03-31",
        "url": "https://www.ibm.com/support/pages/node/7268151"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20926-1 vom 2026-04-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025091.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20444-1 vom 2026-04-02",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RFDMXLL4REOVIN7K7LZGE5CKASEYSWXH/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20982-1 vom 2026-04-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025183.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Tomcat und Tomcat Native: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-10T07:16:24.234+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0443",
      "initial_release_date": "2026-02-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-26T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-03-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-03-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-15T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2026-03-18T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-03-26T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-04-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-06T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c11.0.15",
                "product": {
                  "name": "Apache Tomcat \u003c11.0.15",
                  "product_id": "T050976"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.15",
                "product": {
                  "name": "Apache Tomcat 11.0.15",
                  "product_id": "T050976-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:11.0.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.1.50",
                "product": {
                  "name": "Apache Tomcat \u003c10.1.50",
                  "product_id": "T050977"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.50",
                "product": {
                  "name": "Apache Tomcat 10.1.50",
                  "product_id": "T050977-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:10.1.50"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.113",
                "product": {
                  "name": "Apache Tomcat \u003c9.0.113",
                  "product_id": "T050978"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.113",
                "product": {
                  "name": "Apache Tomcat 9.0.113",
                  "product_id": "T050978-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:9.0.113"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Native \u003c2.0.12",
                "product": {
                  "name": "Apache Tomcat Native \u003c2.0.12",
                  "product_id": "T050979"
                }
              },
              {
                "category": "product_version",
                "name": "Native 2.0.12",
                "product": {
                  "name": "Apache Tomcat Native 2.0.12",
                  "product_id": "T050979-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:native__2.0.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Native \u003c1.3.5",
                "product": {
                  "name": "Apache Tomcat Native \u003c1.3.5",
                  "product_id": "T050980"
                }
              },
              {
                "category": "product_version",
                "name": "Native 1.3.5",
                "product": {
                  "name": "Apache Tomcat Native 1.3.5",
                  "product_id": "T050980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:native__1.3.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.18",
                "product": {
                  "name": "Apache Tomcat \u003c11.0.18",
                  "product_id": "T050981"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.18",
                "product": {
                  "name": "Apache Tomcat 11.0.18",
                  "product_id": "T050981-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:tomcat:11.0.18"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tomcat"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway \u003c5.34.00.16",
                  "product_id": "T052048"
                }
              },
              {
                "category": "product_version",
                "name": "5.34.00.16",
                "product": {
                  "name": "Dell Secure Connect Gateway 5.34.00.16",
                  "product_id": "T052048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Connect Gateway"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Power Hardware Management Console",
            "product": {
              "name": "IBM Power Hardware Management Console",
              "product_id": "5114",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:hardware_management_console:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7",
                "product": {
                  "name": "Open Source Camunda 7",
                  "product_id": "T051292",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:camunda:camunda:7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Camunda"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "product_status": {
        "known_affected": [
          "T002207",
          "T050976",
          "67646",
          "T051292",
          "T050978",
          "5114",
          "T050977",
          "T027843",
          "398363",
          "T052048"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24733",
      "product_status": {
        "known_affected": [
          "T002207",
          "T050976",
          "67646",
          "T051292",
          "T050978",
          "5114",
          "T050977",
          "T027843",
          "398363",
          "T052048"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2026-24733"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "67646",
          "T051292",
          "5114",
          "T052048",
          "T050981",
          "T050980",
          "T050979",
          "T002207",
          "T050976",
          "T050978",
          "T050977",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2026-02-17T23:00:00.000+00:00",
      "title": "CVE-2026-24734"
    }
  ]
}

CVE-2025-66614 (GCVE-0-2025-66614)

Vulnerability from cvelistv5 – Published: 2026-02-17 18:48 – Updated: 2026-03-24 09:46

Title

Apache Tomcat: Client certificate verification bypass due to virtual host mapping

Summary

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/vw6lxtlh2qbqwpb61…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.14 (semver) Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0-M1 , ≤ 9.0.112 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unaffected: 0 , < 8.5.0 (semver)

Credits

Sven Hebrok, Willi Hensch, Felix Cramer, Tim Leonhard Storm, Maximilian Radoy, and Juraj Somorovsky from Paderborn University

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-66614",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-21T21:17:26.335968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T15:19:31.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.14",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.49",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.112",
              "status": "affected",
              "version": "9.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sven Hebrok, Willi Hensch, Felix Cramer, Tim Leonhard Storm, Maximilian Radoy, and Juraj Somorovsky from Paderborn University"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Input Validation vulnerability.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\u003c/p\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\u003cbr\u003e\u003cp\u003eTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\u003cbr\u003e\n\u003cbr\u003eThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T09:46:33.159Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: Client certificate verification bypass due to virtual host mapping",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-66614",
    "datePublished": "2026-02-17T18:48:30.577Z",
    "dateReserved": "2025-12-05T11:54:31.778Z",
    "dateUpdated": "2026-03-24T09:46:33.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24733 (GCVE-0-2026-24733)

Vulnerability from cvelistv5 – Published: 2026-02-17 18:50 – Updated: 2026-03-11 15:19

Title

Apache Tomcat: Security constraint bypass with HTTP/0.9

Summary

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/6xk3t65qpn1myp618…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.14 (semver) Affected: 10.1.0-M1 , ≤ 10.1.49 (semver) Affected: 9.0.0.M1 , ≤ 9.0.112 (semver) Affected: 0 , ≤ 8.5.100 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-24733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-21T21:16:58.680222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T15:19:30.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.14",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.49",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.112",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOlder, EOL versions are also affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T18:50:43.871Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Tomcat: Security constraint bypass with HTTP/0.9",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-24733",
    "datePublished": "2026-02-17T18:50:43.871Z",
    "dateReserved": "2026-01-26T13:59:00.422Z",
    "dateUpdated": "2026-03-11T15:19:30.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24734 (GCVE-0-2026-24734)

Vulnerability from cvelistv5 – Published: 2026-02-17 18:53 – Updated: 2026-03-11 15:19

Title

Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Summary

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Severity ?

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/292dlmx3fz1888v6v…

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Tomcat Native

Affected: 1.1.23 , ≤ 1.1.34 (semver)
Affected: 1.2.0 , ≤ 1.2.39 (semver)
Affected: 1.3.0 , ≤ 1.3.4 (semver)
Affected: 2.0.0 , ≤ 2.0.11 (semver)

Apache Software Foundation

Apache Tomcat

Affected: 11.0.0-M1 , ≤ 11.0.17 (semver)
Affected: 10.1.0-M7 , ≤ 10.1.51 (semver)
Affected: 9.0.83 , ≤ 9.0.114 (semver)
Unaffected: 0 , ≤ 8.5.100 (semver)

Credits

Joshua Rogers (@MegaManSec)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-24734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-21T21:16:49.928042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T15:19:30.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat Native",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.1.34",
              "status": "affected",
              "version": "1.1.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.39",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.4",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.11",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.17",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.51",
              "status": "affected",
              "version": "10.1.0-M7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.114",
              "status": "affected",
              "version": "9.0.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Joshua Rogers (@MegaManSec)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\u003c/p\u003e\u003cp\u003eWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat Native:\u0026nbsp; from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u0026nbsp;Older EOL versions are not affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\u003c/p\u003eApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.\u003cbr\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.\n\nWhen using an OCSP responder, Tomcat Native (and Tomcat\u0027s FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.\n\nThis issue affects Apache Tomcat Native:\u00a0 from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.\u00a0Older EOL versions are not affected.\n\nApache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.\n\nApache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T18:53:12.228Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-24734",
    "datePublished": "2026-02-17T18:53:12.228Z",
    "dateReserved": "2026-01-26T14:20:56.965Z",
    "dateUpdated": "2026-03-11T15:19:30.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0443

CVE-2025-66614 (GCVE-0-2025-66614)

CVE-2026-24733 (GCVE-0-2026-24733)

CVE-2026-24734 (GCVE-0-2026-24734)

Tags

Sightings

Nomenclature