Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-53404 (GCVE-0-2026-53404)
Vulnerability from cvelistv5 – Published: 2026-06-29 20:39 – Updated: 2026-06-29 22:24
VLAI
EPSS
Title
Apache Tomcat: Bad ornext processing in RewriteValve
Summary
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
Severity
No CVSS data available.
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/rdhpghgfskrdmw9hq… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2026/0… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.22
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.55 (semver) Affected: 9.0.0.M1 , ≤ 9.0.118 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unaffected: 0 , < 8.0.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-29T22:24:25.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/06/29/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.22",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.55",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.118",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.0.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAlways-Incorrect Control Flow Implementation vulnerability in Apache Tomcat\u0027s rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.\u003c/p\u003e"
}
],
"value": "Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat\u0027s rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T20:39:45.317Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Tomcat: Bad ornext processing in RewriteValve",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-53404",
"datePublished": "2026-06-29T20:39:45.317Z",
"dateReserved": "2026-06-09T08:52:02.309Z",
"dateUpdated": "2026-06-29T22:24:25.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53404\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-06-29T21:16:44.527\",\"lastModified\":\"2026-06-29T23:16:42.837\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat\u0027s rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.\\n\\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"lessThanOrEqual\":\"11.0.22\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.1.0-M1\",\"lessThanOrEqual\":\"10.1.55\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.0.M1\",\"lessThanOrEqual\":\"9.0.118\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.100\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"8.0.0\",\"versionType\":\"semver\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/29/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-H792-V28V-PPGR
Vulnerability from github – Published: 2026-06-29 21:32 – Updated: 2026-06-30 00:31
VLAI
Details
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
{
"affected": [],
"aliases": [
"CVE-2026-53404"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-29T21:16:44Z",
"severity": null
},
"details": "Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat\u0027s rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.",
"id": "GHSA-h792-v28v-ppgr",
"modified": "2026-06-30T00:31:30Z",
"published": "2026-06-29T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/29/21"
}
],
"schema_version": "1.4.0",
"severity": []
}
RHSA-2026:29203
Vulnerability from csaf_redhat - Published: 2026-06-24 17:15 - Updated: 2026-06-30 10:40Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
tomcat10:
* tomcat10-10.1.56-1.hum1 (noarch)
* tomcat10-admin-webapps-10.1.56-1.hum1 (noarch)
* tomcat10-common-10.1.56-1.hum1 (noarch)
* tomcat10-docs-webapp-10.1.56-1.hum1 (noarch)
* tomcat10-el-5.0-api-10.1.56-1.hum1 (noarch)
* tomcat10-jsp-3.1-api-10.1.56-1.hum1 (noarch)
* tomcat10-lib-10.1.56-1.hum1 (noarch)
* tomcat10-servlet-6.0-api-10.1.56-1.hum1 (noarch)
* tomcat10-user-instance-10.1.56-1.hum1 (noarch)
* tomcat10-webapps-10.1.56-1.hum1 (noarch)
* tomcat10-10.1.56-1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.
6.5 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.
CWE-390 - Detection of Error Condition Without ActionAffected products
Threats
Impact
Low
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.
CWE-778 - Insufficient LoggingAffected products
Threats
Impact
Low
A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.
4.2 (Medium)
Affected products
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntomcat10:\n * tomcat10-10.1.56-1.hum1 (noarch)\n * tomcat10-admin-webapps-10.1.56-1.hum1 (noarch)\n * tomcat10-common-10.1.56-1.hum1 (noarch)\n * tomcat10-docs-webapp-10.1.56-1.hum1 (noarch)\n * tomcat10-el-5.0-api-10.1.56-1.hum1 (noarch)\n * tomcat10-jsp-3.1-api-10.1.56-1.hum1 (noarch)\n * tomcat10-lib-10.1.56-1.hum1 (noarch)\n * tomcat10-servlet-6.0-api-10.1.56-1.hum1 (noarch)\n * tomcat10-user-instance-10.1.56-1.hum1 (noarch)\n * tomcat10-webapps-10.1.56-1.hum1 (noarch)\n * tomcat10-10.1.56-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29203",
"url": "https://access.redhat.com/errata/RHSA-2026:29203"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55955",
"url": "https://access.redhat.com/security/cve/CVE-2026-55955"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55956",
"url": "https://access.redhat.com/security/cve/CVE-2026-55956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55957",
"url": "https://access.redhat.com/security/cve/CVE-2026-55957"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55276",
"url": "https://access.redhat.com/security/cve/CVE-2026-55276"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53404",
"url": "https://access.redhat.com/security/cve/CVE-2026-53404"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53434",
"url": "https://access.redhat.com/security/cve/CVE-2026-53434"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29203.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T10:40:46+00:00",
"generator": {
"date": "2026-06-30T10:40:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29203",
"initial_release_date": "2026-06-24T17:15:25+00:00",
"revision_history": [
{
"date": "2026-06-24T17:15:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T09:54:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T10:40:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-main@noarch",
"product": {
"name": "tomcat10-main@noarch",
"product_id": "tomcat10-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat10@10.1.56-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-main@src",
"product": {
"name": "tomcat10-main@src",
"product_id": "tomcat10-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat10@10.1.56-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat10-main@noarch"
},
"product_reference": "tomcat10-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat10-main@src"
},
"product_reference": "tomcat10-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-53404",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2026-06-29T21:01:58.363486+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat\u0027s RewriteValve. When rewrite rules use OR-chained conditions followed by non-OR conditions, the processing logic may not evaluate conditions correctly, potentially allowing unintended rule matches. Exploitation requires the RewriteValve to be enabled with specific OR-chained condition patterns, which is not a default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53404"
},
{
"category": "external",
"summary": "RHBZ#2494681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz",
"url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
}
],
"release_date": "2026-06-29T20:39:45.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T17:15:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29203"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments that use the RewriteValve with OR-chained rewrite conditions. Deployments that do not use the RewriteValve are not affected. Review rewrite rules for OR-chained conditions and test rule evaluation behavior.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing"
},
{
"cve": "CVE-2026-53434",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2026-06-29T21:01:05.687650+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat. When using the FFM-based connector with CRL-based certificate revocation checking, an error in CRL data processing is not handled correctly, potentially allowing revoked certificates to be accepted. This only affects Tomcat 10.1.0-M7+ and 11.x using the FFM connector (Java 22+ Foreign Function \u0026 Memory API) with CRL configuration \u2014 an extremely narrow set of conditions not present in standard Red Hat deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53434"
},
{
"category": "external",
"summary": "RHBZ#2494668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk",
"url": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk"
}
],
"release_date": "2026-06-29T20:41:06.948000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T17:15:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29203"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments using the FFM-based connector (requires Java 22+) with CRL-based certificate revocation checking. Deployments using the standard NIO/NIO2 connectors or not using CRL checking are not affected.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs"
},
{
"cve": "CVE-2026-55276",
"cwe": {
"id": "CWE-778",
"name": "Insufficient Logging"
},
"discovery_date": "2026-06-29T21:01:38.615799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494675"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat. When the effective web.xml logging feature is enabled for debugging, special roles and empty authorization constraints may be omitted from the logged output. This is a logging-only issue with no runtime security impact \u2014 it only affects the accuracy of debug log output for administrators reviewing the effective web.xml configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55276"
},
{
"category": "external",
"summary": "RHBZ#2494675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55276"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v",
"url": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v"
}
],
"release_date": "2026-06-29T20:42:23.257000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T17:15:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29203"
},
{
"category": "workaround",
"details": "This is a logging-only issue with no runtime security impact. No mitigation is required. Administrators should not rely solely on the effective web.xml debug log output to verify security constraint configuration.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow"
},
{
"cve": "CVE-2026-55955",
"cwe": {
"id": "CWE-294",
"name": "Authentication Bypass by Capture-replay"
},
"discovery_date": "2026-06-29T21:01:48.701284+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat\u0027s EncryptionInterceptor used for Tribes cluster communication. An improper authentication vulnerability allows a replay attack against encrypted cluster messages. Exploitation requires the EncryptionInterceptor to be configured for Tomcat clustering, which is a non-default configuration, and the attacker must have access to the cluster network to capture and replay messages. Apache rates this vulnerability as Low severity. Red Hat has corrected the impact from IMPORTANT to MODERATE \u2014 the original AI-Bot CVSS of 8.2 (AV:N/AC:L) incorrectly scored this as internet-facing with low complexity, when Tribes cluster traffic is adjacent-network (AV:A) and requires non-default clustering configuration (AC:H). The corrected vector is CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N (4.2).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55955"
},
{
"category": "external",
"summary": "RHBZ#2494678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106",
"url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
}
],
"release_date": "2026-06-29T20:44:39.779000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T17:15:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29203"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments using the EncryptionInterceptor for Tribes cluster communication. Deployments that do not use Tomcat clustering or do not configure the EncryptionInterceptor are not affected. Ensure cluster communication channels are restricted to trusted, isolated networks.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor"
}
]
}
RHSA-2026:32960
Vulnerability from csaf_redhat - Published: 2026-06-29 09:02 - Updated: 2026-06-30 10:40Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:
tomcat11:
* tomcat11-11.0.23-0.1.hum1 (noarch)
* tomcat11-admin-webapps-11.0.23-0.1.hum1 (noarch)
* tomcat11-common-11.0.23-0.1.hum1 (noarch)
* tomcat11-docs-webapp-11.0.23-0.1.hum1 (noarch)
* tomcat11-el-6.0-api-11.0.23-0.1.hum1 (noarch)
* tomcat11-jsp-4.0-api-11.0.23-0.1.hum1 (noarch)
* tomcat11-lib-11.0.23-0.1.hum1 (noarch)
* tomcat11-servlet-6.1-api-11.0.23-0.1.hum1 (noarch)
* tomcat11-user-instance-11.0.23-0.1.hum1 (noarch)
* tomcat11-webapps-11.0.23-0.1.hum1 (noarch)
* tomcat11-11.0.23-0.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting (XSS), allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to unauthorized access to sensitive information or allow an attacker to alter the content of the website.
5.4 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.
6.5 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.
CWE-390 - Detection of Error Condition Without ActionAffected products
Threats
Impact
Low
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.
CWE-778 - Insufficient LoggingAffected products
Threats
Impact
Low
A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.
4.2 (Medium)
Affected products
Threats
Impact
Important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntomcat11:\n * tomcat11-11.0.23-0.1.hum1 (noarch)\n * tomcat11-admin-webapps-11.0.23-0.1.hum1 (noarch)\n * tomcat11-common-11.0.23-0.1.hum1 (noarch)\n * tomcat11-docs-webapp-11.0.23-0.1.hum1 (noarch)\n * tomcat11-el-6.0-api-11.0.23-0.1.hum1 (noarch)\n * tomcat11-jsp-4.0-api-11.0.23-0.1.hum1 (noarch)\n * tomcat11-lib-11.0.23-0.1.hum1 (noarch)\n * tomcat11-servlet-6.1-api-11.0.23-0.1.hum1 (noarch)\n * tomcat11-user-instance-11.0.23-0.1.hum1 (noarch)\n * tomcat11-webapps-11.0.23-0.1.hum1 (noarch)\n * tomcat11-11.0.23-0.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:32960",
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55955",
"url": "https://access.redhat.com/security/cve/CVE-2026-55955"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55956",
"url": "https://access.redhat.com/security/cve/CVE-2026-55956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55957",
"url": "https://access.redhat.com/security/cve/CVE-2026-55957"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55276",
"url": "https://access.redhat.com/security/cve/CVE-2026-55276"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53404",
"url": "https://access.redhat.com/security/cve/CVE-2026-53404"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-50229",
"url": "https://access.redhat.com/security/cve/CVE-2026-50229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53434",
"url": "https://access.redhat.com/security/cve/CVE-2026-53434"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_32960.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T10:40:45+00:00",
"generator": {
"date": "2026-06-30T10:40:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:32960",
"initial_release_date": "2026-06-29T09:02:11+00:00",
"revision_history": [
{
"date": "2026-06-29T09:02:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T09:54:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T10:40:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@noarch",
"product": {
"name": "tomcat11-main@noarch",
"product_id": "tomcat11-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.23-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@src",
"product": {
"name": "tomcat11-main@src",
"product_id": "tomcat11-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.23-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@noarch"
},
"product_reference": "tomcat11-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@src"
},
"product_reference": "tomcat11-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-50229",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-06-29T21:02:24.415552+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting (XSS), allows a remote attacker to inject malicious scripts into the \u0027number guess example\u0027 web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to unauthorized access to sensitive information or allow an attacker to alter the content of the website.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat. A Cross-Site Scripting (XSS) vulnerability exists in the \"number guess\" example web application shipped with Tomcat. An attacker can inject malicious scripts into the example page, which execute in other users\u0027 browsers when they view the page. This vulnerability only affects the example web application, not the Tomcat servlet container itself. Red Hat Tomcat packages do not deploy example applications by default \u2014 they are in separate optional packages (e.g., tomcat-webapps) that are not installed in production environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-50229"
},
{
"category": "external",
"summary": "RHBZ#2494688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50229"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0",
"url": "https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0"
}
],
"release_date": "2026-06-29T20:36:24.683000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:02:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "workaround",
"details": "Remove or disable the Tomcat example web applications if they are deployed. Example applications are not needed for production use and should not be accessible in production environments.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example"
},
{
"cve": "CVE-2026-53404",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2026-06-29T21:01:58.363486+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat\u0027s RewriteValve. When rewrite rules use OR-chained conditions followed by non-OR conditions, the processing logic may not evaluate conditions correctly, potentially allowing unintended rule matches. Exploitation requires the RewriteValve to be enabled with specific OR-chained condition patterns, which is not a default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53404"
},
{
"category": "external",
"summary": "RHBZ#2494681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz",
"url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
}
],
"release_date": "2026-06-29T20:39:45.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:02:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments that use the RewriteValve with OR-chained rewrite conditions. Deployments that do not use the RewriteValve are not affected. Review rewrite rules for OR-chained conditions and test rule evaluation behavior.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing"
},
{
"cve": "CVE-2026-53434",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2026-06-29T21:01:05.687650+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat. When using the FFM-based connector with CRL-based certificate revocation checking, an error in CRL data processing is not handled correctly, potentially allowing revoked certificates to be accepted. This only affects Tomcat 10.1.0-M7+ and 11.x using the FFM connector (Java 22+ Foreign Function \u0026 Memory API) with CRL configuration \u2014 an extremely narrow set of conditions not present in standard Red Hat deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53434"
},
{
"category": "external",
"summary": "RHBZ#2494668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk",
"url": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk"
}
],
"release_date": "2026-06-29T20:41:06.948000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:02:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments using the FFM-based connector (requires Java 22+) with CRL-based certificate revocation checking. Deployments using the standard NIO/NIO2 connectors or not using CRL checking are not affected.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs"
},
{
"cve": "CVE-2026-55276",
"cwe": {
"id": "CWE-778",
"name": "Insufficient Logging"
},
"discovery_date": "2026-06-29T21:01:38.615799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494675"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat. When the effective web.xml logging feature is enabled for debugging, special roles and empty authorization constraints may be omitted from the logged output. This is a logging-only issue with no runtime security impact \u2014 it only affects the accuracy of debug log output for administrators reviewing the effective web.xml configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55276"
},
{
"category": "external",
"summary": "RHBZ#2494675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55276"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v",
"url": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v"
}
],
"release_date": "2026-06-29T20:42:23.257000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:02:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "workaround",
"details": "This is a logging-only issue with no runtime security impact. No mitigation is required. Administrators should not rely solely on the effective web.xml debug log output to verify security constraint configuration.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow"
},
{
"cve": "CVE-2026-55955",
"cwe": {
"id": "CWE-294",
"name": "Authentication Bypass by Capture-replay"
},
"discovery_date": "2026-06-29T21:01:48.701284+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Apache Tomcat\u0027s EncryptionInterceptor used for Tribes cluster communication. An improper authentication vulnerability allows a replay attack against encrypted cluster messages. Exploitation requires the EncryptionInterceptor to be configured for Tomcat clustering, which is a non-default configuration, and the attacker must have access to the cluster network to capture and replay messages. Apache rates this vulnerability as Low severity. Red Hat has corrected the impact from IMPORTANT to MODERATE \u2014 the original AI-Bot CVSS of 8.2 (AV:N/AC:L) incorrectly scored this as internet-facing with low complexity, when Tribes cluster traffic is adjacent-network (AV:A) and requires non-default clustering configuration (AC:H). The corrected vector is CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N (4.2).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55955"
},
{
"category": "external",
"summary": "RHBZ#2494678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106",
"url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
}
],
"release_date": "2026-06-29T20:44:39.779000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:02:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32960"
},
{
"category": "workaround",
"details": "This vulnerability only affects Tomcat deployments using the EncryptionInterceptor for Tribes cluster communication. Deployments that do not use Tomcat clustering or do not configure the EncryptionInterceptor are not affected. Ensure cluster communication channels are restricted to trusted, isolated networks.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…