Vulnerability-Lookup

CVE-2026-55955 (GCVE-0-2026-55955)

Vulnerability from cvelistv5 – Published: 2026-06-29 20:44 – Updated: 2026-06-30 13:22

Title

Apache Tomcat: EncryptInterceptor not protected against replay attacks

Summary

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication

Assigner

apache

References

2 references

URL	Tags
https://lists.apache.org/thread/g4p5sf45p3f9r011p…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.22 (semver) Affected: 10.1.0-M1 , ≤ 10.1.55 (semver) Affected: 9.0.13 , ≤ 9.0.118 (semver) Affected: 8.5.38 , ≤ 8.5.100 (semver) Affected: 7.0.100 , ≤ 7.0.109 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-29T22:24:33.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/29/24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-55955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T13:21:53.082121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T13:22:14.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.22",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.55",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.118",
              "status": "affected",
              "version": "9.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.38",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.109",
              "status": "affected",
              "version": "7.0.100",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T20:44:39.779Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: EncryptInterceptor not protected against replay attacks",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-55955",
    "datePublished": "2026-06-29T20:44:39.779Z",
    "dateReserved": "2026-06-17T18:04:49.663Z",
    "dateUpdated": "2026-06-30T13:22:14.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-55955",
      "date": "2026-06-30",
      "epss": "0.00141",
      "percentile": "0.03832"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-55955\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-06-29T21:16:45.490\",\"lastModified\":\"2026-06-30T14:16:27.810\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\\n\\nUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"lessThanOrEqual\":\"11.0.22\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.1.0-M1\",\"lessThanOrEqual\":\"10.1.55\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.13\",\"lessThanOrEqual\":\"9.0.118\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.38\",\"lessThanOrEqual\":\"8.5.100\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.100\",\"lessThanOrEqual\":\"7.0.109\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-30T13:21:53.082121Z\",\"id\":\"CVE-2026-55955\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/06/29/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/06/29/24\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-06-29T22:24:33.117Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-55955\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-30T13:21:53.082121Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-30T13:22:11.456Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: EncryptInterceptor not protected against replay attacks\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.22\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.55\"}, {\"status\": \"affected\", \"version\": \"9.0.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.118\"}, {\"status\": \"affected\", \"version\": \"8.5.38\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"affected\", \"version\": \"7.0.100\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.109\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\\n\\nUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-06-29T20:44:39.779Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-55955\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T13:22:14.917Z\", \"dateReserved\": \"2026-06-17T18:04:49.663Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-06-29T20:44:39.779Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-C5PH-RGHF-FJFJ

Vulnerability from github – Published: 2026-06-29 21:32 – Updated: 2026-06-30 00:31

Details

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.

Users are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-55955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-29T21:16:45Z",
    "severity": null
  },
  "details": "Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.",
  "id": "GHSA-c5ph-rghf-fjfj",
  "modified": "2026-06-30T00:31:30Z",
  "published": "2026-06-29T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/29/24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2026:29203

Vulnerability from csaf_redhat - Published: 2026-06-24 17:15 - Updated: 2026-06-30 15:09

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Important

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: tomcat10: * tomcat10-10.1.56-1.hum1 (noarch) * tomcat10-admin-webapps-10.1.56-1.hum1 (noarch) * tomcat10-common-10.1.56-1.hum1 (noarch) * tomcat10-docs-webapp-10.1.56-1.hum1 (noarch) * tomcat10-el-5.0-api-10.1.56-1.hum1 (noarch) * tomcat10-jsp-3.1-api-10.1.56-1.hum1 (noarch) * tomcat10-lib-10.1.56-1.hum1 (noarch) * tomcat10-servlet-6.0-api-10.1.56-1.hum1 (noarch) * tomcat10-user-instance-10.1.56-1.hum1 (noarch) * tomcat10-webapps-10.1.56-1.hum1 (noarch) * tomcat10-10.1.56-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat10-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat10-main@src		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-53434

A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat10-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat10-main@src		—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.

2.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-778 - Insufficient Logging

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat10-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat10-main@src		—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2026-55955

A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.

4.2 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-294 - Authentication Bypass by Capture-replay

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat10-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat10-main@src		—	Vendor Fix fix Workaround

Threats

Impact Important

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:29203	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-55955	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2026-55956	external
https://access.redhat.com/security/cve/CVE-2026-55957	external
https://access.redhat.com/security/cve/CVE-2026-55276	external
https://access.redhat.com/security/cve/CVE-2026-53404	external
https://access.redhat.com/security/cve/CVE-2026-53434	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-53404	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494681	external
https://www.cve.org/CVERecord?id=CVE-2026-53404	external
https://nvd.nist.gov/vuln/detail/CVE-2026-53404	external
https://lists.apache.org/thread/rdhpghgfskrdmw9hq…	external
https://access.redhat.com/security/cve/CVE-2026-53434	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494668	external
https://www.cve.org/CVERecord?id=CVE-2026-53434	external
https://nvd.nist.gov/vuln/detail/CVE-2026-53434	external
https://lists.apache.org/thread/x510lbq0sfrd1qyo7…	external
https://access.redhat.com/security/cve/CVE-2026-55276	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494675	external
https://www.cve.org/CVERecord?id=CVE-2026-55276	external
https://nvd.nist.gov/vuln/detail/CVE-2026-55276	external
https://lists.apache.org/thread/jy09xjlzn6r2qwvqo…	external
https://access.redhat.com/security/cve/CVE-2026-55955	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494678	external
https://www.cve.org/CVERecord?id=CVE-2026-55955	external
https://nvd.nist.gov/vuln/detail/CVE-2026-55955	external
https://lists.apache.org/thread/g4p5sf45p3f9r011p…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ntomcat10:\n  * tomcat10-10.1.56-1.hum1 (noarch)\n  * tomcat10-admin-webapps-10.1.56-1.hum1 (noarch)\n  * tomcat10-common-10.1.56-1.hum1 (noarch)\n  * tomcat10-docs-webapp-10.1.56-1.hum1 (noarch)\n  * tomcat10-el-5.0-api-10.1.56-1.hum1 (noarch)\n  * tomcat10-jsp-3.1-api-10.1.56-1.hum1 (noarch)\n  * tomcat10-lib-10.1.56-1.hum1 (noarch)\n  * tomcat10-servlet-6.0-api-10.1.56-1.hum1 (noarch)\n  * tomcat10-user-instance-10.1.56-1.hum1 (noarch)\n  * tomcat10-webapps-10.1.56-1.hum1 (noarch)\n  * tomcat10-10.1.56-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:29203",
        "url": "https://access.redhat.com/errata/RHSA-2026:29203"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55955",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55955"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55956",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55956"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55957",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55957"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55276",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55276"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53404",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53404"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53434",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53434"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29203.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-30T15:09:02+00:00",
      "generator": {
        "date": "2026-06-30T15:09:02+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:29203",
      "initial_release_date": "2026-06-24T17:15:25+00:00",
      "revision_history": [
        {
          "date": "2026-06-24T17:15:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-30T09:54:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T15:09:02+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat10-main@noarch",
                "product": {
                  "name": "tomcat10-main@noarch",
                  "product_id": "tomcat10-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat10@10.1.56-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat10-main@src",
                "product": {
                  "name": "tomcat10-main@src",
                  "product_id": "tomcat10-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat10@10.1.56-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:tomcat10-main@noarch"
        },
        "product_reference": "tomcat10-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:tomcat10-main@src"
        },
        "product_reference": "tomcat10-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-53404",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2026-06-29T21:01:58.363486+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat\u0027s rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat\u0027s RewriteValve. When rewrite rules use OR-chained conditions followed by non-OR conditions, the processing logic may not evaluate conditions correctly, potentially allowing unintended rule matches. Exploitation requires the RewriteValve to be enabled with specific OR-chained condition patterns, which is not a default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat10-main@noarch",
          "Red Hat Hardened Images:tomcat10-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz",
          "url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
        }
      ],
      "release_date": "2026-06-29T20:39:45.317000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-24T17:15:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:29203"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments that use the RewriteValve with OR-chained rewrite conditions. Deployments that do not use the RewriteValve are not affected. Review rewrite rules for OR-chained conditions and test rule evaluation behavior.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing"
    },
    {
      "cve": "CVE-2026-53434",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2026-06-29T21:01:05.687650+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494668"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat. When using the FFM-based connector with CRL-based certificate revocation checking, an error in CRL data processing is not handled correctly, potentially allowing revoked certificates to be accepted. This only affects Tomcat 10.1.0-M7+ and 11.x using the FFM connector (Java 22+ Foreign Function \u0026 Memory API) with CRL configuration \u2014 an extremely narrow set of conditions not present in standard Red Hat deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat10-main@noarch",
          "Red Hat Hardened Images:tomcat10-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494668",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494668"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk",
          "url": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk"
        }
      ],
      "release_date": "2026-06-29T20:41:06.948000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-24T17:15:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:29203"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments using the FFM-based connector (requires Java 22+) with CRL-based certificate revocation checking. Deployments using the standard NIO/NIO2 connectors or not using CRL checking are not affected.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs"
    },
    {
      "cve": "CVE-2026-55276",
      "cwe": {
        "id": "CWE-778",
        "name": "Insufficient Logging"
      },
      "discovery_date": "2026-06-29T21:01:38.615799+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494675"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat. When the effective web.xml logging feature is enabled for debugging, special roles and empty authorization constraints may be omitted from the logged output. This is a logging-only issue with no runtime security impact \u2014 it only affects the accuracy of debug log output for administrators reviewing the effective web.xml configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat10-main@noarch",
          "Red Hat Hardened Images:tomcat10-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494675",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494675"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-55276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v",
          "url": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v"
        }
      ],
      "release_date": "2026-06-29T20:42:23.257000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-24T17:15:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:29203"
        },
        {
          "category": "workaround",
          "details": "This is a logging-only issue with no runtime security impact. No mitigation is required. Administrators should not rely solely on the effective web.xml debug log output to verify security constraint configuration.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow"
    },
    {
      "cve": "CVE-2026-55955",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "discovery_date": "2026-06-29T21:01:48.701284+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat\u0027s EncryptionInterceptor used for Tribes cluster communication. An improper authentication vulnerability allows a replay attack against encrypted cluster messages. Exploitation requires the EncryptionInterceptor to be configured for Tomcat clustering, which is a non-default configuration, and the attacker must have access to the cluster network to capture and replay messages. Apache rates this vulnerability as Low severity. Red Hat has corrected the impact from IMPORTANT to MODERATE \u2014 the original AI-Bot CVSS of 8.2 (AV:N/AC:L) incorrectly scored this as internet-facing with low complexity, when Tribes cluster traffic is adjacent-network (AV:A) and requires non-default clustering configuration (AC:H). The corrected vector is CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N (4.2).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat10-main@noarch",
          "Red Hat Hardened Images:tomcat10-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-55955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106",
          "url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
        }
      ],
      "release_date": "2026-06-29T20:44:39.779000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-24T17:15:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:29203"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments using the EncryptionInterceptor for Tribes cluster communication. Deployments that do not use Tomcat clustering or do not configure the EncryptionInterceptor are not affected. Ensure cluster communication channels are restricted to trusted, isolated networks.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat10-main@noarch",
            "Red Hat Hardened Images:tomcat10-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor"
    }
  ]
}

RHSA-2026:32960

Vulnerability from csaf_redhat - Published: 2026-06-29 09:02 - Updated: 2026-06-30 15:09

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Important

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: tomcat11: * tomcat11-11.0.23-0.1.hum1 (noarch) * tomcat11-admin-webapps-11.0.23-0.1.hum1 (noarch) * tomcat11-common-11.0.23-0.1.hum1 (noarch) * tomcat11-docs-webapp-11.0.23-0.1.hum1 (noarch) * tomcat11-el-6.0-api-11.0.23-0.1.hum1 (noarch) * tomcat11-jsp-4.0-api-11.0.23-0.1.hum1 (noarch) * tomcat11-lib-11.0.23-0.1.hum1 (noarch) * tomcat11-servlet-6.1-api-11.0.23-0.1.hum1 (noarch) * tomcat11-user-instance-11.0.23-0.1.hum1 (noarch) * tomcat11-webapps-11.0.23-0.1.hum1 (noarch) * tomcat11-11.0.23-0.1.hum1.src (src)

CVE-2026-50229

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting (XSS), allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to unauthorized access to sensitive information or allow an attacker to alter the content of the website.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat11-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat11-main@src		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-53404

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-358 - Improperly Implemented Security Check for Standard

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat11-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat11-main@src		—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-53434

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-390 - Detection of Error Condition Without Action

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat11-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat11-main@src		—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2026-55276

2.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-778 - Insufficient Logging

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat11-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat11-main@src		—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2026-55955

4.2 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-294 - Authentication Bypass by Capture-replay

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Hardened Images:tomcat11-main@noarch		—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:tomcat11-main@src		—	Vendor Fix fix Workaround

Threats

Impact Important

References

36 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:32960	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-55955	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2026-55956	external
https://access.redhat.com/security/cve/CVE-2026-55957	external
https://access.redhat.com/security/cve/CVE-2026-55276	external
https://access.redhat.com/security/cve/CVE-2026-53404	external
https://access.redhat.com/security/cve/CVE-2026-50229	external
https://access.redhat.com/security/cve/CVE-2026-53434	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-50229	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494688	external
https://www.cve.org/CVERecord?id=CVE-2026-50229	external
https://nvd.nist.gov/vuln/detail/CVE-2026-50229	external
https://lists.apache.org/thread/wlt2no8bw45zl1w8b…	external
https://access.redhat.com/security/cve/CVE-2026-53404	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494681	external
https://www.cve.org/CVERecord?id=CVE-2026-53404	external
https://nvd.nist.gov/vuln/detail/CVE-2026-53404	external
https://lists.apache.org/thread/rdhpghgfskrdmw9hq…	external
https://access.redhat.com/security/cve/CVE-2026-53434	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494668	external
https://www.cve.org/CVERecord?id=CVE-2026-53434	external
https://nvd.nist.gov/vuln/detail/CVE-2026-53434	external
https://lists.apache.org/thread/x510lbq0sfrd1qyo7…	external
https://access.redhat.com/security/cve/CVE-2026-55276	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494675	external
https://www.cve.org/CVERecord?id=CVE-2026-55276	external
https://nvd.nist.gov/vuln/detail/CVE-2026-55276	external
https://lists.apache.org/thread/jy09xjlzn6r2qwvqo…	external
https://access.redhat.com/security/cve/CVE-2026-55955	self
https://bugzilla.redhat.com/show_bug.cgi?id=2494678	external
https://www.cve.org/CVERecord?id=CVE-2026-55955	external
https://nvd.nist.gov/vuln/detail/CVE-2026-55955	external
https://lists.apache.org/thread/g4p5sf45p3f9r011p…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\ntomcat11:\n  * tomcat11-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-admin-webapps-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-common-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-docs-webapp-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-el-6.0-api-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-jsp-4.0-api-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-lib-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-servlet-6.1-api-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-user-instance-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-webapps-11.0.23-0.1.hum1 (noarch)\n  * tomcat11-11.0.23-0.1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:32960",
        "url": "https://access.redhat.com/errata/RHSA-2026:32960"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55955",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55955"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55956",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55956"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55957",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55957"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-55276",
        "url": "https://access.redhat.com/security/cve/CVE-2026-55276"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53404",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53404"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-50229",
        "url": "https://access.redhat.com/security/cve/CVE-2026-50229"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-53434",
        "url": "https://access.redhat.com/security/cve/CVE-2026-53434"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_32960.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-30T15:09:04+00:00",
      "generator": {
        "date": "2026-06-30T15:09:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:32960",
      "initial_release_date": "2026-06-29T09:02:11+00:00",
      "revision_history": [
        {
          "date": "2026-06-29T09:02:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-30T09:54:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T15:09:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat11-main@noarch",
                "product": {
                  "name": "tomcat11-main@noarch",
                  "product_id": "tomcat11-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat11@11.0.23-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat11-main@src",
                "product": {
                  "name": "tomcat11-main@src",
                  "product_id": "tomcat11-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat11@11.0.23-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:tomcat11-main@noarch"
        },
        "product_reference": "tomcat11-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:tomcat11-main@src"
        },
        "product_reference": "tomcat11-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-50229",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-06-29T21:02:24.415552+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting (XSS), allows a remote attacker to inject malicious scripts into the \u0027number guess example\u0027 web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to unauthorized access to sensitive information or allow an attacker to alter the content of the website.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat. A Cross-Site Scripting (XSS) vulnerability exists in the \"number guess\" example web application shipped with Tomcat. An attacker can inject malicious scripts into the example page, which execute in other users\u0027 browsers when they view the page. This vulnerability only affects the example web application, not the Tomcat servlet container itself. Red Hat Tomcat packages do not deploy example applications by default \u2014 they are in separate optional packages (e.g., tomcat-webapps) that are not installed in production environments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat11-main@noarch",
          "Red Hat Hardened Images:tomcat11-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-50229"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-50229",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-50229"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50229",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50229"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0",
          "url": "https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0"
        }
      ],
      "release_date": "2026-06-29T20:36:24.683000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-29T09:02:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:32960"
        },
        {
          "category": "workaround",
          "details": "Remove or disable the Tomcat example web applications if they are deployed. Example applications are not needed for production use and should not be accessible in production environments.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example"
    },
    {
      "cve": "CVE-2026-53404",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "discovery_date": "2026-06-29T21:01:58.363486+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494681"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat\u0027s rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended rule processing, potentially allowing for security bypasses or unauthorized access due to misapplied configurations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat\u0027s RewriteValve. When rewrite rules use OR-chained conditions followed by non-OR conditions, the processing logic may not evaluate conditions correctly, potentially allowing unintended rule matches. Exploitation requires the RewriteValve to be enabled with specific OR-chained condition patterns, which is not a default configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat11-main@noarch",
          "Red Hat Hardened Images:tomcat11-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494681",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494681"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53404"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz",
          "url": "https://lists.apache.org/thread/rdhpghgfskrdmw9hqzjgjrtw538smpmz"
        }
      ],
      "release_date": "2026-06-29T20:39:45.317000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-29T09:02:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:32960"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments that use the RewriteValve with OR-chained rewrite conditions. Deployments that do not use the RewriteValve are not affected. Review rewrite rules for OR-chained conditions and test rule evaluation behavior.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing"
    },
    {
      "cve": "CVE-2026-53434",
      "cwe": {
        "id": "CWE-390",
        "name": "Detection of Error Condition Without Action"
      },
      "discovery_date": "2026-06-29T21:01:05.687650+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494668"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists (CRLs) for a FFM (presumably a specific type of connector), the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security controls might not be properly enforced.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat. When using the FFM-based connector with CRL-based certificate revocation checking, an error in CRL data processing is not handled correctly, potentially allowing revoked certificates to be accepted. This only affects Tomcat 10.1.0-M7+ and 11.x using the FFM connector (Java 22+ Foreign Function \u0026 Memory API) with CRL configuration \u2014 an extremely narrow set of conditions not present in standard Red Hat deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat11-main@noarch",
          "Red Hat Hardened Images:tomcat11-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494668",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494668"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-53434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk",
          "url": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk"
        }
      ],
      "release_date": "2026-06-29T20:41:06.948000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-29T09:02:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:32960"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments using the FFM-based connector (requires Java 22+) with CRL-based certificate revocation checking. Deployments using the standard NIO/NIO2 connectors or not using CRL checking are not affected.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat: Error condition not handled when configuring CRLs"
    },
    {
      "cve": "CVE-2026-55276",
      "cwe": {
        "id": "CWE-778",
        "name": "Insufficient Logging"
      },
      "discovery_date": "2026-06-29T21:01:38.615799+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494675"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might misinterpret the actual authorization constraints, potentially impacting the security posture of the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat. When the effective web.xml logging feature is enabled for debugging, special roles and empty authorization constraints may be omitted from the logged output. This is a logging-only issue with no runtime security impact \u2014 it only affects the accuracy of debug log output for administrators reviewing the effective web.xml configuration.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat11-main@noarch",
          "Red Hat Hardened Images:tomcat11-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494675",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494675"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-55276",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55276"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v",
          "url": "https://lists.apache.org/thread/jy09xjlzn6r2qwvqoph8vcmf959yq68v"
        }
      ],
      "release_date": "2026-06-29T20:42:23.257000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-29T09:02:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:32960"
        },
        {
          "category": "workaround",
          "details": "This is a logging-only issue with no runtime security impact. No mitigation is required. Administrators should not rely solely on the effective web.xml debug log output to verify security constraint configuration.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow"
    },
    {
      "cve": "CVE-2026-55955",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "discovery_date": "2026-06-29T21:01:48.701284+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2494678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A flaw was found in Apache Tomcat\u0027s EncryptionInterceptor used for Tribes cluster communication. An improper authentication vulnerability allows a replay attack against encrypted cluster messages. Exploitation requires the EncryptionInterceptor to be configured for Tomcat clustering, which is a non-default configuration, and the attacker must have access to the cluster network to capture and replay messages. Apache rates this vulnerability as Low severity. Red Hat has corrected the impact from IMPORTANT to MODERATE \u2014 the original AI-Bot CVSS of 8.2 (AV:N/AC:L) incorrectly scored this as internet-facing with low complexity, when Tribes cluster traffic is adjacent-network (AV:A) and requires non-default clustering configuration (AC:H). The corrected vector is CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N (4.2).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:tomcat11-main@noarch",
          "Red Hat Hardened Images:tomcat11-main@src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "RHBZ#2494678",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494678"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-55955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55955"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106",
          "url": "https://lists.apache.org/thread/g4p5sf45p3f9r011pwqs9r54yd64s106"
        }
      ],
      "release_date": "2026-06-29T20:44:39.779000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-29T09:02:11+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:32960"
        },
        {
          "category": "workaround",
          "details": "This vulnerability only affects Tomcat deployments using the EncryptionInterceptor for Tribes cluster communication. Deployments that do not use Tomcat clustering or do not configure the EncryptionInterceptor are not affected. Ensure cluster communication channels are restricted to trusted, isolated networks.",
          "product_ids": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:tomcat11-main@noarch",
            "Red Hat Hardened Images:tomcat11-main@src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat: Apache Tomcat: Replay attack via improper authentication in EncryptionInterceptor"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-55955 (GCVE-0-2026-55955)

GHSA-C5PH-RGHF-FJFJ

RHSA-2026:29203

RHSA-2026:32960

Tags

Sightings

Nomenclature