Apache Tomcat 10.1.10 has been released, bringing Jakarta EE 10 support, automatic migration of Java EE apps via the Jakarta EE Migration Tool, and notable updates such as virtual thread support, RFC‑9218 HTTP/2 priority, deprecation of xssProtectionEnabled, and an upgraded Tomcat Native 2.0.4 with OpenSSL 3.0.9.
A high‑severity Apache Tomcat denial‑of‑service flaw (CVE‑2021‑42340) discovered on 2021‑10‑15 scores 7.8, impacts multiple Tomcat releases, and can be mitigated by upgrading to the listed secure versions while following 360CERT's remediation guidance.
Apache Tomcat 10.0.10 has been officially released, adding Jakarta EE 9 platform specifications, a migration tool for Java EE applications, and important fixes such as HTTP/2 flow‑control regression, TLS connection hangs with NIO, and restored JMX support for GraalVM native images.
This guide lists the Apache Tomcat versions vulnerable to CVE-2020-11996, shows which Spring Cloud and Spring Boot releases are affected, and provides step‑by‑step upgrade instructions to secure your applications against the HTTP/2 denial‑of‑service attack.
This article analyzes the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), detailing affected versions, the underlying code flaw, how attackers can read arbitrary files and achieve remote code execution, and provides concrete upgrade recommendations to mitigate the risk.
The article details the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), explains how it enables arbitrary file read and remote code execution on vulnerable Tomcat versions, and provides remediation steps including upgrading to patched releases.
This article explains the background, affected versions, technical analysis, exploitation steps, and remediation recommendations for the Apache Tomcat AJP file inclusion vulnerability (CVE‑2020‑1938), providing detailed code insights and practical upgrade guidance.
