Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-s93z-rmw7-5bcw

Summary

Apache Tomcat Native OCSP verification bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.

When using an OCSP responder, Tomcat Native did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.

The vulnerable code is in the process_ocsp_response() function in sslutils.c, which was missing calls to OCSP_basic_verify(), OCSP_check_validity(), and OCSP_check_nonce().

This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39.

Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.

Aliases

alias	CVE-2026-24734

alias	GHSA-mgp5-rv84-w37q

Fixed_packages

url pkg:apache/tomcat@9.0.115

purl pkg:apache/tomcat@9.0.115

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-s5kh-nebr-tba9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.115

url pkg:apache/tomcat@10.1.52

purl pkg:apache/tomcat@10.1.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-s5kh-nebr-tba9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.52

url pkg:apache/tomcat@11.0.18

purl pkg:apache/tomcat@11.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.18

url pkg:deb/debian/tomcat10@10.1.52-1~deb12u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.52-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.52-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1%3Fdistro=trixie

url pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie

purl pkg:deb/debian/tomcat10@10.1.54-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat10@10.1.55-1?distro=trixie
purl	pkg:deb/debian/tomcat10@10.1.55-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.55-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat11@11.0.18-1?distro=trixie
purl	pkg:deb/debian/tomcat11@11.0.18-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.18-1%3Fdistro=trixie

url pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie

purl pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie
purl	pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.118-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.118-1%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.43-2~deb11u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.43-2~deb11u10%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.70-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.70-2%3Fdistro=trixie

url	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
purl	pkg:deb/debian/tomcat9@9.0.95-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat9@9.0.95-1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@9.0.115

purl pkg:maven/org.apache.tomcat/tomcat@9.0.115

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-s5kh-nebr-tba9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.115

url pkg:maven/org.apache.tomcat/tomcat@10.1.52

purl pkg:maven/org.apache.tomcat/tomcat@10.1.52

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-s5kh-nebr-tba9

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.52

url pkg:maven/org.apache.tomcat/tomcat@11.0.18

purl pkg:maven/org.apache.tomcat/tomcat@11.0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.18

url	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@9.0.115

url	pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.52

url	pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18
purl	pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote@11.0.18

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.115

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.52

url	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18
purl	pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.18

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.115
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.115
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.115

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.52

url	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.18
purl	pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@11.0.18

url	pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.5
purl	pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.5

url	pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.12
purl	pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.12

Affected_packages

url pkg:apache/tomcat@9.0.83

purl pkg:apache/tomcat@9.0.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.83

url pkg:apache/tomcat@9.0.114

purl pkg:apache/tomcat@9.0.114

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@9.0.114

url pkg:apache/tomcat@10.1.0-M7

purl pkg:apache/tomcat@10.1.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.0-M7

url pkg:apache/tomcat@10.1.51

purl pkg:apache/tomcat@10.1.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@10.1.51

url pkg:apache/tomcat@11.0.0-M1

purl pkg:apache/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h1tj-yzq6-93ew

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.0-M1

url pkg:apache/tomcat@11.0.17

purl pkg:apache/tomcat@11.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/tomcat@11.0.17

url pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie

purl pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-nsp7-e9m6-juhv

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-z8df-aq4y-ubet

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie

url pkg:maven/org.apache.tomcat/tomcat@9.0.83

purl pkg:maven/org.apache.tomcat/tomcat@9.0.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.83

url pkg:maven/org.apache.tomcat/tomcat@9.0.114

purl pkg:maven/org.apache.tomcat/tomcat@9.0.114

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@9.0.114

url pkg:maven/org.apache.tomcat/tomcat@10.1.0-M7

purl pkg:maven/org.apache.tomcat/tomcat@10.1.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.0-M7

url pkg:maven/org.apache.tomcat/tomcat@10.1.51

purl pkg:maven/org.apache.tomcat/tomcat@10.1.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j493-xan3-myfm

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@10.1.51

url pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18rb-u2tu-affk

vulnerability	VCID-1qsf-yxnk-fqhy

vulnerability	VCID-2s6w-bbfa-afb8

vulnerability	VCID-2ym4-frda-dbbe

vulnerability	VCID-5ebw-zerz-u7bh

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-6kdt-2q2t-aqgy

vulnerability	VCID-71mw-xrnv-9kec

vulnerability	VCID-84a8-y1hg-vuep

vulnerability	VCID-8qk1-ufax-eugz

vulnerability	VCID-ac8p-uerd-ubfj

vulnerability	VCID-bxwn-g8gu-kkbn

vulnerability	VCID-cugj-j48z-jub5

vulnerability	VCID-cxjh-uh21-skh4

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-gw94-yyjd-17er

vulnerability	VCID-h1tj-yzq6-93ew

vulnerability	VCID-h6f2-qgnu-bqf4

vulnerability	VCID-hf8e-m14m-mbcx

vulnerability	VCID-hy8s-ks53-u3aq

vulnerability	VCID-j66a-6et3-mfha

vulnerability	VCID-j7w8-ean1-33b8

vulnerability	VCID-ja5v-v682-ekd1

vulnerability	VCID-jsyt-cmxf-gbh3

vulnerability	VCID-kbn3-5swu-cubg

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-nqgv-hbwa-d3en

vulnerability	VCID-paqj-ye46-8bdb

vulnerability	VCID-pmav-cxu6-1ua9

vulnerability	VCID-qjqr-axrq-xkcf

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-ud36-sb2d-8ych

vulnerability	VCID-ujxe-ggfj-k3bh

vulnerability	VCID-urhs-6aus-syb1

vulnerability	VCID-uuya-uqgv-kyfb

vulnerability	VCID-vhbh-3a89-x7cw

vulnerability	VCID-w9nk-wv5n-2kg9

vulnerability	VCID-wcnj-bna8-7fh7

vulnerability	VCID-xtdv-ygus-xuds

vulnerability	VCID-y4a2-mamb-yqg6

vulnerability	VCID-z4zd-puyg-g3bz

vulnerability	VCID-zba8-2zc4-9qfh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.0-M1

url pkg:maven/org.apache.tomcat/tomcat@11.0.17

purl pkg:maven/org.apache.tomcat/tomcat@11.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat@11.0.17

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.83

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.83

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@9.0.83

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.0-M7

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.0-M7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@10.1.0-M7

url pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.0-M1

purl pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat/tomcat-coyote-ffm@11.0.0-M1

url pkg:maven/org.apache.tomcat.native/tomcat-native@1.1.23

purl pkg:maven/org.apache.tomcat.native/tomcat-native@1.1.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@1.1.23

url pkg:maven/org.apache.tomcat.native/tomcat-native@1.2.0

purl pkg:maven/org.apache.tomcat.native/tomcat-native@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@1.2.0

url pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.0

purl pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@1.3.0

url pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.0

purl pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.tomcat.native/tomcat-native@2.0.0

url pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el10jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el10jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1%3Farch=el10jws

url pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el8jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1%3Farch=el8jws

url pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el9jws

purl pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat@10.1.49-9.redhat_00007.1%3Farch=el9jws

url pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el10jws

purl pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el10jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1%3Farch=el10jws

url pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el8jws

purl pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el8jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1%3Farch=el8jws

url pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el9jws

purl pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1?arch=el9jws

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws6-tomcat-native@1.3.6-1.redhat_1%3Farch=el9jws

url pkg:rpm/redhat/tomcat@1:10.1.49-1.el10_2?arch=1

purl pkg:rpm/redhat/tomcat@1:10.1.49-1.el10_2?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-s93z-rmw7-5bcw

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat@1:10.1.49-1.el10_2%3Farch=1

url pkg:rpm/redhat/tomcat10-main@10.1.54-1?arch=hum1

purl pkg:rpm/redhat/tomcat10-main@10.1.54-1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat10-main@10.1.54-1%3Farch=hum1

url pkg:rpm/redhat/tomcat11-main@11.0.21-0.1?arch=hum1

purl pkg:rpm/redhat/tomcat11-main@11.0.21-0.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ztb-ns6b-fuf9

vulnerability	VCID-d8re-94xd-nycp

vulnerability	VCID-gqtv-jvn4-eqe5

vulnerability	VCID-kqng-d1f2-myg5

vulnerability	VCID-s5kh-nebr-tba9

vulnerability	VCID-s93z-rmw7-5bcw

vulnerability	VCID-wcnj-bna8-7fh7

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tomcat11-main@11.0.21-0.1%3Farch=hum1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json

reference_url

https://github.com/apache/tomcat

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/tomcat

reference_url

https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2440426
reference_id	2440426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2440426

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734

reference_id

CVE-2026-24734

reference_type

scores

value	Moderate
scoring_system	apache_tomcat
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24734

reference_id

CVE-2026-24734

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24734

reference_url	https://github.com/advisories/GHSA-mgp5-rv84-w37q
reference_id	GHSA-mgp5-rv84-w37q
reference_type
scores
url	https://github.com/advisories/GHSA-mgp5-rv84-w37q

reference_url	https://access.redhat.com/errata/RHSA-2026:19054
reference_id	RHSA-2026:19054
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19054

reference_url	https://access.redhat.com/errata/RHSA-2026:5611
reference_id	RHSA-2026:5611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5611

reference_url	https://access.redhat.com/errata/RHSA-2026:5612
reference_id	RHSA-2026:5612
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5612

reference_url	https://access.redhat.com/errata/RHSA-2026:6569
reference_id	RHSA-2026:6569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6569

reference_url	https://access.redhat.com/errata/RHSA-2026:8334
reference_id	RHSA-2026:8334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8334

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	295
name	Improper Certificate Validation
description	The product does not validate, or incorrectly validates, a certificate.

Exploits

Severity_range_score 4.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s93z-rmw7-5bcw

Vulnerability Instance