Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Urgent Security Updates Issued for Apache Tomcat Vulnerabilities

Urgent Security Updates Issued for Apache Tomcat Vulnerabilities

Posted on April 13, 2026 By CWS

The Apache Software Foundation has issued crucial security updates to rectify several vulnerabilities identified in Apache Tomcat. These updates are essential for maintaining the integrity of server environments affected by these flaws.

Critical Security Flaws Identified

A significant issue arose from an error in a security patch designed to fix vulnerabilities, inadvertently making servers susceptible to bypass attacks. This included vulnerabilities in certificate authentication and padding-oracle attacks, prompting immediate action from administrators to safeguard their systems.

Details on EncryptInterceptor and Padding Oracle Issues

The primary concern involves a faulty security patch linked to CVE-2026-29146, a severe vulnerability where the EncryptInterceptor used Cipher Block Chaining (CBC) by default. This setup exposed servers to padding oracle attacks, allowing malicious entities to potentially decrypt traffic.

Researchers Uri Katz and Avi Lumelsky from Oligo Security identified this critical cryptographic flaw. An initial set of updates was released by Apache in response to these findings. Yet, the fix led to another vulnerability, CVE-2026-34486, discovered by Bartlomiej Dmitruk of striga.ai, which enabled attackers to bypass the EncryptInterceptor entirely.

Additional Vulnerabilities and Recommendations

Beyond the EncryptInterceptor issues, Apache addressed a medium-severity vulnerability, CVE-2026-34500, affecting the Online Certificate Status Protocol (OCSP) checks. This flaw could lead to unexpected authentication behaviors due to a soft fail during OCSP validation, identified by Haruki Oyama from Waseda University.

The vulnerabilities impact several Apache Tomcat versions, notably including Apache Tomcat 11.0.20, 10.1.53, and 9.0.116. Broader issues, such as the initial padding oracle attack and certificate validation errors, affect a wider range of earlier versions.

To mitigate these threats, Apache recommends updating to the latest secure versions: Apache Tomcat 11.0.21 or later, 10.1.54 or later, and 9.0.117 or later. Organizations using older, unsupported Tomcat versions should upgrade immediately, as these will not receive patches for identified vulnerabilities.

For more cybersecurity updates, follow us on Google News, LinkedIn, and X. We also invite you to contact us with your cybersecurity stories.

Cyber Security News Tags:Apache, certificate authentication, CVE-2026-29146, CVE-2026-34486, CVE-2026-34500, Cybersecurity, EncryptInterceptor, security updates, software patch, Tomcat, Vulnerabilities

Post navigation

Previous Post: MSBuild Exploited for Stealth Fileless Windows Attacks
Next Post: Rockstar Data Breach: 78.6 Million Records Exposed

Related Posts

10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code 10-Year-Old Roundcube RCE Vulnerability Let Attackers Execute Malicious Code Cyber Security News
Weekly Cybersecurity News Recap – Top Vulnerabilities, Threat and Data Breaches Weekly Cybersecurity News Recap – Top Vulnerabilities, Threat and Data Breaches Cyber Security News
Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims Arizona Attorney General Suses Chinese E-commerce Retailer Temu Over Data Theft Claims Cyber Security News
1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon 1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMon Cyber Security News
Linux Kernel Patching: Preventing Exploits in 2025 Linux Kernel Patching: Preventing Exploits in 2025 Cyber Security News
Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery Midnight Ransomware Decrypter Flaws Opens the Door to File Recovery Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark