Apache Tomcat

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC

| | Apache Tomcat, Malware, Remote Code Execution, Security Vulnerabilities, Tomcat
A rapidly exploited vulnerability with a major blast radius A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and ...
2024 Sonatype Blog

Disposal Advisory for Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)

| | Apache, Apache Tomcat, Apache Vulnerability, Blog, CVE-2025-24813, Emergency Response, Remote Code Execution
Vulnerability Overview Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) NSFOCUS Detection Methods NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)

Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)

| | Apache, Apache Tomcat, Apache Vulnerability, Blog, CVE-2025-24813, Emergency Response, Remote Code Execution
Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Nexus Intelligence Insights:CVE-2020-13935 – Apache Tomcat Websocket – Denial of Service (DoS)

| | Apache Tomcat, FEATURED, Nexus Intelligence, Tomcat, Vulnerabilities
For July’s Nexus Intelligence Insight we take a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component ...
Sonatype Blog
Open Source Sucks, Says Ballsy Infosec Firm

Open Source Sucks, Says Ballsy Infosec Firm

| | Apache Tomcat, jenkins, Kubernetes, Linux, mysql, open source, postgres, SB Blogwatch, vagrant
Security bugs are exploding in open source software, claims a vulnerability management service ...
Security Boulevard
Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

| | AJP, Apache Tomcat, asset inventory, cve-2020-1938, patch management, policy compliance, Qualys Technology, The Laws of Vulnerabilities, threat protection, Tomcat, VMDR, Vulnerability Management
A severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, which is named “Ghostcat” and is tracked using CVE-2020-1938. The security issue ...
The Laws of Vulnerabilities – Qualys Blog

Top 5 Tomcat Vulnerabilities

| | Apache Tomcat, Everything Open Source, How-tos, Tomcat, vulnerability
Those who spend time monitoring and patching open source projects will be quite aware that Tomcat has some vulnerabilities ...
Sonatype Blog
DAM

All of Yahoo’s 3 Billion Accounts Compromised in 2013

| | Apache Tomcat, Data breach, elasticsearch, misconfiguration, National Football League, Remote Code Execution, vulnerability, Yahoo
The massive data breach announced by Yahoo in December was believed to have affected around 1 billion accounts, but it turns out it actually affected the company’s entire user base of around ...