Multiple Vulnerabilities Disclosed in Apache Traffic Server and Apache Tomcat
German authorities published security advisories for Apache Traffic Server and Apache Tomcat/Tomcat Native, warning of multiple vulnerabilities affecting the widely used web proxy, caching, and Java application server products. The notices identify separate issues in the two Apache projects, indicating that organizations running these technologies should review vendor guidance and determine whether exposed internet-facing services or internal application platforms are affected.
The advisories provide limited public detail, but the affected software is commonly deployed in enterprise web delivery and application environments, raising the risk of service disruption, unauthorized access, or further compromise if vulnerable instances remain unpatched. Security teams are expected to prioritize asset identification, apply available updates from the Apache projects and downstream vendors, and monitor systems using Apache Traffic Server, Apache Tomcat, and Tomcat Native for signs of exploitation or abnormal activity.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
dCERT publishes Apache Tomcat and Tomcat Native advisory 2026-1020
dCERT published advisory 2026-1020 covering multiple vulnerabilities affecting Apache Tomcat and Tomcat Native. No additional technical synopsis was provided in the reference.
dCERT publishes Apache Traffic Server vulnerability advisory 2026-0958
dCERT published advisory 2026-0958 covering multiple vulnerabilities in Apache Traffic Server. No additional technical synopsis was provided in the reference.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple Recent Vulnerabilities in Apache Tomcat
Two significant vulnerabilities have been identified in Apache Tomcat, each with distinct attack vectors and impacts. CVE-2025-61795 is an improper resource shutdown or release vulnerability that can lead to a denial-of-service (DoS) condition if temporary files from multipart uploads are not cleaned up promptly, potentially exhausting disk space and exposing sensitive data. This issue affects Tomcat versions 11.0.0-M1 through 11.0.11, 10.1.0-M1 through 10.1.46, 9.0.0.M1 through 9.0.109, and several end-of-life versions, with patches available in 11.0.12, 10.1.47, and 9.0.110 and later. CVE-2025-55752 is a relative path traversal vulnerability introduced by a regression in the fix for a previous bug, allowing attackers to bypass security constraints and potentially upload malicious files if specific, non-default configurations are present. This vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.0.M11 through 9.0.108, and certain EOL versions, with fixes in 11.0.11, 10.1.45, and 9.0.109 and later. Both vulnerabilities require prompt attention from administrators, especially those running affected Tomcat versions. The DoS vulnerability (CVE-2025-61795) can be exploited by attackers to exhaust server resources, while the path traversal flaw (CVE-2025-55752) could lead to remote code execution under specific conditions. Organizations are advised to upgrade to the latest patched versions to mitigate these risks and review their Tomcat configurations to ensure that non-default features such as HTTP PUT requests and URL rewriting are not unnecessarily enabled.
Mar 21, 2026
Multiple Vulnerabilities Disclosed in Apache HTTP Server and Apache Airflow Providers
German authorities published advisories for **multiple vulnerabilities** affecting both **Apache HTTP Server** and **Apache Airflow** components, expanding the list of enterprise Apache software requiring review. One notice, `dCERT Advisory 2026-1331`, covers several flaws in Apache HTTP Server, a widely deployed web server used in internet-facing and internal application environments. A separate notice, `dCERT Advisory 2026-1636`, reports multiple vulnerabilities in **Apache Airflow** provider packages, specifically the **Google** and **FAB** providers. While the advisories provided no public synopsis in the referenced notices, the disclosures indicate that organizations using these Apache products should identify affected deployments, review vendor guidance, and prioritize patching or other mitigations for exposed systems and workflow orchestration environments.
May 26, 2026
Apache Tomcat Patches for URL Rewrite Bypass and Console Injection Vulnerabilities
Apache Tomcat released security updates addressing two critical vulnerabilities: a URL rewrite bypass (CVE-2025-55752) that could allow directory traversal and potential remote code execution (RCE) if the HTTP PUT method is enabled, and a console ANSI injection flaw (CVE-2025-55754) that could enable manipulation of log messages via escape sequences. The affected versions include Tomcat 11.0.0-M1 to 11.0.10, 10.1.0-M1 to 10.1.44, and 9.0.0.M11 to 9.0.108, with users and administrators urged to apply the necessary patches immediately to mitigate risk. The URL rewrite bypass vulnerability allows attackers to craft malicious requests that evade security controls, potentially leading to unauthorized file access or code execution on vulnerable servers. The console ANSI injection issue could be exploited to alter log output, possibly obscuring malicious activity or facilitating further attacks. Security advisories from both Apache and national cybersecurity authorities emphasize the importance of prompt remediation to prevent exploitation in the wild.
Mar 21, 2026