Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Urgent Security Updates Issued for Apache Tomcat Vulnerabilities

Urgent Security Updates Issued for Apache Tomcat Vulnerabilities

Posted on April 13, 2026 By CWS

The Apache Software Foundation has issued crucial security updates to rectify several vulnerabilities identified in Apache Tomcat. These updates are essential for maintaining the integrity of server environments affected by these flaws.

Critical Security Flaws Identified

A significant issue arose from an error in a security patch designed to fix vulnerabilities, inadvertently making servers susceptible to bypass attacks. This included vulnerabilities in certificate authentication and padding-oracle attacks, prompting immediate action from administrators to safeguard their systems.

Details on EncryptInterceptor and Padding Oracle Issues

The primary concern involves a faulty security patch linked to CVE-2026-29146, a severe vulnerability where the EncryptInterceptor used Cipher Block Chaining (CBC) by default. This setup exposed servers to padding oracle attacks, allowing malicious entities to potentially decrypt traffic.

Researchers Uri Katz and Avi Lumelsky from Oligo Security identified this critical cryptographic flaw. An initial set of updates was released by Apache in response to these findings. Yet, the fix led to another vulnerability, CVE-2026-34486, discovered by Bartlomiej Dmitruk of striga.ai, which enabled attackers to bypass the EncryptInterceptor entirely.

Additional Vulnerabilities and Recommendations

Beyond the EncryptInterceptor issues, Apache addressed a medium-severity vulnerability, CVE-2026-34500, affecting the Online Certificate Status Protocol (OCSP) checks. This flaw could lead to unexpected authentication behaviors due to a soft fail during OCSP validation, identified by Haruki Oyama from Waseda University.

The vulnerabilities impact several Apache Tomcat versions, notably including Apache Tomcat 11.0.20, 10.1.53, and 9.0.116. Broader issues, such as the initial padding oracle attack and certificate validation errors, affect a wider range of earlier versions.

To mitigate these threats, Apache recommends updating to the latest secure versions: Apache Tomcat 11.0.21 or later, 10.1.54 or later, and 9.0.117 or later. Organizations using older, unsupported Tomcat versions should upgrade immediately, as these will not receive patches for identified vulnerabilities.

For more cybersecurity updates, follow us on Google News, LinkedIn, and X. We also invite you to contact us with your cybersecurity stories.

Cyber Security News Tags:Apache, certificate authentication, CVE-2026-29146, CVE-2026-34486, CVE-2026-34500, Cybersecurity, EncryptInterceptor, security updates, software patch, Tomcat, Vulnerabilities

Post navigation

Previous Post: MSBuild Exploited for Stealth Fileless Windows Attacks
Next Post: Rockstar Data Breach: 78.6 Million Records Exposed

Related Posts

Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT Cyber Security News
NestJS Framework Vulnerability Execute Arbitrary Code in Developers Machine NestJS Framework Vulnerability Execute Arbitrary Code in Developers Machine Cyber Security News
Cisco ISE Flaws Enable Remote Code Execution Risk Cisco ISE Flaws Enable Remote Code Execution Risk Cyber Security News
Malicious npm Packages Exploit Discord and Crypto Wallets Malicious npm Packages Exploit Discord and Crypto Wallets Cyber Security News
Microsoft’s New Teams New Admin Role to Manage External Collaboration Settings Microsoft’s New Teams New Admin Role to Manage External Collaboration Settings Cyber Security News
Microsoft’s Urgent Windows 11 Update Fixes Installation Loop Microsoft’s Urgent Windows 11 Update Fixes Installation Loop Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark