PT-2026-57993 · Apache · Apache Tomcat
Ndix
·
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-59084
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 11.0.0-M1 through 11.0.23
Apache Tomcat versions 10.1.0-M1 through 10.1.56
Apache Tomcat versions 9.0.13 through 9.0.119
Apache Tomcat versions 8.5.38 through 8.5.100
Apache Tomcat versions 7.0.100 through 7.0.109
Description
Insufficient technical documentation regarding the requirements to securely configure the
EncryptInterceptor component.Recommendations
Upgrade to version 11.0.24
Upgrade to version 10.1.57
Upgrade to version 9.0.120
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat