Lucene search
GoogleOSV:GHSA-36QH-35CM-5W2WHistoryAug 13, 2021 - 3:21 p.m.
Authentication Bypass by Alternate Name in Apache Tomcat
2021-08-1315:21:24
Google
osv.dev
436
0.002 Low
EPSS
Percentile
58.4%
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
References
lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E
lists.debian.org/debian-lts-announce/2021/08/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2021-30640
security.gentoo.org/glsa/202208-34
security.netapp.com/advisory/ntap-20210827-0007
www.debian.org/security/2021/dsa-4952
www.debian.org/security/2021/dsa-4986
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
freebsd
freebsd
tomcat -- JNDI Realm Authentication Weakness in multiple versions
2021-04-08 00:00:00
ibm
ibm
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2021-30640)
2021-08-24 10:04:38
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-30640)
2022-07-07 16:39:00
Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-30640
2022-02-09 16:08:18
tomcat
tomcat
Fixed in Apache Tomcat 9.0.46
2021-05-12 00:00:00
Fixed in Apache Tomcat 10.0.6
2021-05-12 00:00:00
Fixed in Apache Tomcat 7.0.109
2021-04-26 00:00:00
f5
f5
K35033051 : Tomcat vulnerability CVE-2021-30640
2021-07-28 00:00:00
debiancve
debiancve
CVE-2021-30640
2021-07-12 15:15:08
ubuntucve
ubuntucve
CVE-2021-30640
2021-07-12 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2021-2520)
2021-09-27 00:00:00
FreeBSD : tomcat -- JNDI Realm Authentication Weakness in multiple versions (8b571fb2-f311-11eb-b12b-fc4dd43e2b6a)
2021-08-04 00:00:00
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-2489)
2021-09-24 00:00:00
redhatcve
redhatcve
CVE-2021-30640
2021-07-12 19:46:17
openvas
openvas
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2520)
2021-09-28 00:00:00
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2619)
2021-10-26 00:00:00
kaspersky
kaspersky
KLA12325 SB vulnerability in Apache Tomcat
2021-04-26 00:00:00
KLA12217 SB vulnerability in Apache Tomcat
2021-05-12 00:00:00
cve
cve
CVE-2021-30640
2021-07-12 15:15:08
veracode
veracode
Access Restriction Bypass
2021-07-13 03:39:12
prion
prion
Design/Logic Flaw
2021-07-12 15:15:00
amazon
amazon
Low: tomcat7
2021-09-02 22:54:00
osv
osv
BIT-tomcat-2021-30640
2024-03-06 11:10:06
CVE-2021-30640
2021-07-12 15:15:08
tomcat9 - security update
2021-08-09 00:00:00
github
github
Authentication Bypass by Alternate Name in Apache Tomcat
2021-08-13 15:21:24
nvd
nvd
CVE-2021-30640
2021-07-12 15:15:08
cvelist
cvelist
CVE-2021-30640 Auth weakness in JNDIRealm
2021-07-12 14:55:13
debian
debian
[SECURITY] [DLA 2733-1] tomcat8 security update
2021-08-05 21:40:35
[SECURITY] [DSA 4952-1] tomcat9 security update
2021-08-09 21:06:14
[SECURITY] [DSA 4984-1] tomcat9 security update
2021-10-14 20:33:21
suse
suse
Security update for tomcat (moderate)
2021-11-19 00:00:00
Security update for tomcat (moderate)
2021-11-16 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2021-10-23 13:05:28
atlassian
atlassian
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
2021-07-14 11:35:20
Upgrade the bundled version of Apache Tomcat to 8.5.68 or later
2021-07-14 11:35:20
redhat
redhat
(RHSA-2021:4863) Important: Red Hat JBoss Web Server 5.6.0 Security release
2021-11-30 14:21:16
(RHSA-2021:4861) Important: Red Hat JBoss Web Server 5.6.0 Security release
2021-11-30 14:19:46
(RHSA-2022:1179) Important: Red Hat support for Spring Boot 2.5.10 update
2022-04-12 19:02:50
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2022-08-21 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2022-03-31 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0327
2021-11-10 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00