Jboss web server

This hub aggregates every CVE we track for Jboss web server, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jboss web server.

• CVE-2026-43512Apache Tomcat: Digest authenticator will authenticate any unknown user9.8May 12, 2026
• CVE-2026-41293Apache Tomcat: HTTP/2 request headers not validated9.8May 12, 2026
• CVE-2026-34500Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled6.5Apr 9, 2026
• CVE-2026-34487Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token7.5Apr 9, 2026
• CVE-2026-34483Apache Tomcat: Incomplete escaping of JSON access logs7.5Apr 9, 2026
• CVE-2026-29145Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled9.1Apr 9, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping7.6Feb 17, 2026
• CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts7.3May 29, 2025
• CVE-2024-46544Apache Tomcat Connectors: mod_jk: local users can view and modify configuration5.9Sep 23, 2024
• CVE-2024-24549Apache Tomcat: HTTP/2 header handling DoS7.5Mar 13, 2024
• CVE-2023-5678Excessive time spent in DH check / generation with large Q parameter value5.3Nov 6, 2023
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-3446Excessive time spent checking DH keys and parameters5.3Jul 19, 2023