- Description
- Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1 through 10.1.36, from 9.0.0.M1 through 9.0.100, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.5, 10.1.37 or 9.0.101, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- tomcat
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security@apache.org
- CWE-304
- Hype score
- Not currently trending
apache CVE-2026-55957. cloud misconfigs scale your blast radius by every region you operate in. audit IAM first. #Apache #CVE-2026-55957 https://t.co/Hs8vtPVvVb
@trerbbb
1 Jul 2026
31 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatの脆弱性(Important: CVE-2026-55957, Moderate: CVE-2026-55956, Low: CVE-2026-55955, CVE-2026-55276, CVE-2026-53434, CVE-2026-53404, CVE-2026-50229) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache https://t.co/mhV
@omokazuki
30 Jun 2026
117 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🐛 VULNERABILITIES CVE Notify: 🚨 [CVE-2026-55957](https://t.co/vK37hi6esx) Missing Critic... https://t.co/vK37hi6esx #Vulnerability #CVE #ZeroDay
@MalwareObserver
29 Jun 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6699B4-1EA4-43C1-A0E2-76BBFD4E90CD",
"versionEndExcluding": "9.0.101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF69915-915D-44CA-9027-206E44B89B78",
"versionEndExcluding": "10.1.37",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF54F3C-5527-44DB-AAD0-109A081A742B",
"versionEndExcluding": "11.0.5",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]