GHSA-c5ph-rghf-fjfjMediumCVSS 6.5

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the...

Published
June 29, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.

Users are recommended to upgrade to version 11.0.23, 10.1.56, 9.0.119, which fixes the issue.

🔗 References (4)