Overview
- Apache Software Foundation
- Apache Tomcat
- Published: 17 Feb 2026
- Updated: 17 Feb 2026
- CVSS: Pending
- EPSS: 0.04%
KEV
Description
Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.
Older, EOL versions are also affected.
Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
Statistics
- 2 Posts
Last activity: 1 hour ago
Bluesky
Critical #Tomcat 11 update for openSUSE Tumbleweed. Version 11.0.18-1.1 fixes CVE-2025-66614, CVE-2026-24733, and CVE-2026-24734. Read more: 👉 tinyurl.com/pzdjwutx #openSUSE
Overview
Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Statistics
- 1 Post
Last activity: 1 hour ago
Overview
Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Statistics
- 1 Post
Last activity: 1 hour ago