WhisperX tag archive

#apache-tomcat

This page collects WhisperX intelligence signals tagged #apache-tomcat. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (5)

The Lab · 2026-04-14 02:22:42 · GitHub Issues

1. Apache Tomcat Vulnerability: Specific Rewrite Rule Configurations Can Be Bypassed, Affecting Multiple Versions

A security vulnerability has been discovered in a core component of Apache Tomcat that allows an attacker to bypass critical URL rewrite rules under specific configurations. The vulnerability, tracked as CVE-2025-31651 (GHSA-ff77-26x5-69cr), is rooted in improper handling of escape, meta, or control sequences. If the bypassed rewrite rules happen to be used to enforce security constraints, those restrictions may be defeated, opening a gap for potential attack paths. The vulnerability affects a wide range of Apache Tomcat major versions. Specifically: all versions from 11.0.0-M1 through 11.0.5, all versions from 10.1.0-M1 through 10.1.39, and all versions from 9.0.0.M1 through 9.0.102. Notably, at the time the CVE was created, end-of-life...

The Lab · 2026-05-07 09:31:38 · GitHub Issues

2. Apache Tomcat LoadBalancerDrainingValve Open Redirect Vulnerability Exposes Web Applications to Phishing Attacks

A confirmed Open Redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve component allows attackers to redirect users to untrusted websites, primarily enabling phishing and credential theft campaigns. The flaw affects multiple major Tomcat versions across the 8.5, 9.0, 10.1, and 11.0 branches, creating a wi...

The Lab · 2026-05-07 09:31:44 · GitHub Issues

3. Critical Information Disclosure Flaw Found in Apache Tomcat JsonAccessLogValve — Patch to 9.0.116 Required

A high-severity information disclosure vulnerability has been identified in Apache Tomcat's JsonAccessLogValve component, stemming from improper encoding of logged data. The flaw allows an attacker to potentially access sensitive information through manipulated HTTP requests that exploit how access logs are formatted a...

The Lab · 2026-05-07 10:01:43 · GitHub Issues

4. Apache Tomcat Security Constraint Bypass via HTTP/0.9 Protocol Manipulation

A critical improper input validation vulnerability in Apache Tomcat enables attackers to bypass configured security constraints by exploiting how the server handles HTTP/0.9 requests. The flaw specifically targets deployments where security rules permit HEAD requests but deny GET requests to protected URIs. By sending ...

The Lab · 2026-05-07 10:01:44 · GitHub Issues

5. Apache Tomcat DoS Flaw: Multipart Upload File Cleanup Failure Exposes Disk Space Exhaustion Risk

A denial-of-service vulnerability has been identified in Apache Tomcat versions 9.x through 11.x, stemming from improper handling of temporary files during failed multipart upload operations. The flaw, tracked as an Improper Resource Shutdown or Release vulnerability, allows temporary copies of uploaded parts to persis...