Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

vendor_unpatched cve-2025-48976: Unpatched CVEs for Debian Linux, Ubuntu Linux (cve-2025-48976)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11741 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),     the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 6.1.1 serves as a replacement for Red Hat JBoss Web Server 6.1.0.
    This release includes bug fixes, enhancements and component upgrades, which are documented in the Release     Notes that are linked to in the References section.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload [jws-6] (CVE-2025-48988)
    * tomcat-catalina: Apache Tomcat: Security constraint bypass for pre/post-resources [jws-6]     (CVE-2025-49125)
    * tomcat: Apache Commons FileUpload DoS via part headers [jws-6] (CVE-2025-48976)
    * jws6-tomcat: Apache Tomcat denial of service [jws-6] (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:11695 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),     the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 5.8.5 serves as a replacement for Red Hat JBoss Web Server 5.8.4.
    This release includes bug fixes, enhancements and component upgrades, which are documented in the Release     Notes that are linked to in the References section.

    Security Fix(es):

    * tomcat: Apache Tomcat DoS in multipart upload [jws-5] (CVE-2025-48988)
    * tomcat-catalina: Apache Tomcat: Security constraint bypass for pre/post-resources [jws-5]     (CVE-2025-49125)
    * tomcat: Apache Commons FileUpload DoS via part headers [jws-5] (CVE-2025-48976)
    * jws5-tomcat: Apache Tomcat denial of service [jws-5] (CVE-2025-52520)
    * jws5-tomcat: Apache Tomcat denial of service [jws-5] (CVE-2025-52434)
    * jws5-tomcat: Apache Tomcat denial of service [jws-5] (CVE-2025-53506)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4245 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4245-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     July 22, 2025                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : libcommons-fileupload-java     Version        : 1.4-1+deb11u1     CVE ID         : CVE-2023-24998 CVE-2025-48976     Debian Bug     : 1031733 1108120

    Two security vulnerabilities have been found in libcommons-fileupload-java,     a Java library that adds robust, high-performance, file upload capability     to your servlets and web applications.

    CVE-2023-24998:

        Apache Commons FileUpload does not limit the number of request         parts to be processed resulting in the possibility of an attacker         triggering a DoS with a malicious upload or series of uploads. Note that,         like all of the file upload limits, the new configuration option         (FileUploadBase#setFileCountMax) is not enabled by default and must be         explicitly configured.

    CVE-2025-48976:

        Allocation of resources for multipart headers with insufficient limits         enabled a DoS vulnerability in Apache Commons FileUpload.

    For Debian 11 bullseye, these problems have been fixed in version     1.4-1+deb11u1.

    We recommend that you upgrade your libcommons-fileupload-java packages.

    For the detailed security status of libcommons-fileupload-java please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libcommons-fileupload-java

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4244 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4244-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     July 22, 2025                                 https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : tomcat9     Version        : 9.0.107-0+deb11u1     CVE ID         : CVE-2024-34750 CVE-2024-54677 CVE-2025-31650 CVE-2025-31651                      CVE-2025-46701 CVE-2025-48976 CVE-2025-48988 CVE-2025-49125                      CVE-2025-52434 CVE-2025-52520 CVE-2025-53506

    Several security vulnerabilities have been found in Tomcat 9, a Java web server     and servlet engine. Most notably the update improves the handling of HTTP/2     connections and corrects various flaws which can lead to uncontrolled resource     consumption and a denial of service.

    For Debian 11 bullseye, these problems have been fixed in version     9.0.107-0+deb11u1.

    We recommend that you upgrade your tomcat9 packages.

    For the detailed security status of tomcat9 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/tomcat9

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory.

  - Vulnerability in the Oracle Database component of Oracle Database Server.  Supported versions that     are affected are 19.3-19.27 and  23.4-23.8. Easily exploitable vulnerability allows low privileged     attacker having Create Session, Create Procedure privilege with network access via Oracle Net to     compromise Oracle Database.  Successful attacks of this vulnerability can result in takeover of Oracle     Database. (CVE-2025-30751)

  - Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected     are 19.3-19.27 and  21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having     Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.
    While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change).
    Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete     access to all Java VM accessible data. (CVE-2025-50069)

  - Vulnerability in the Oracle Text (FreeType) component of Oracle Database Server.  Supported versions     that are affected are 19.3-19.27, 21.3-21.18 and  23.4-23.8. Difficult to exploit vulnerability allows     low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net     to compromise Oracle Text (FreeType).  Successful attacks of this vulnerability can result in takeover     of Oracle Text (FreeType). (CVE-2025-27363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000152614 advisory.

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from     2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the     issue.(CVE-2025-48976)

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1064 advisory.

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload.

    This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

    Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. (CVE-2025-48976)

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed.

    This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from     9.0.0.M1 through 9.0.105.

    Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-49125)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 9.0.106-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-020 advisory.

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload.

    This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

    Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. (CVE-2025-48976)

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed.

    This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from     9.0.0.M1 through 9.0.105.

    Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-49125)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory.

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload.

    This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

    Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. (CVE-2025-48976)

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed.

    This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from     9.0.0.M1 through 9.0.105.

    Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-49125)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2920 advisory.

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload.

    This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

    Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. (CVE-2025-48976)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02184-1 advisory.

    Upgrade to upstream version 1.6.0

    - CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to     a DoS (bsc#1244657).

    Full changelog:

    https://commons.apache.org/proper/commons-fileupload/changes.html#a1.6.0

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02159-1 advisory.

    Upgrade to upstream version 1.6.0

    - CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to     a DoS (bsc#1244657).

    Full changelog:

    https://commons.apache.org/proper/commons-fileupload/changes.html#a1.6.0

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities :

 - When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. (CVE-2025-49125)

 - During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This enabled a side-loading vulnerability. (CVE-2025-49124)

 - Tomcat used the same limit for both request parameters and parts in a multipart request. Since uploaded parts also include headers which must be retained, processing multipart requests can result in significantly more memory usage. A specially crafted request that used a large number of parts could trigger excessive memory usage leading to a DoS. (CVE-2025-48988)

 - Apache Commons FileUpload provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request that used a large number of parts with large headers could trigger excessive memory usage leading to a DoS. (CVE-2025-48976)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 9.0.106. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.106_security-9 advisory.

  - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from     2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the     issue. (CVE-2025-48976)

  - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed. This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1     through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the     issue. (CVE-2025-49125)

  - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the     Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache     Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are     recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-49124)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.8_security-11 advisory.

  - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from     2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the     issue. (CVE-2025-48976)

  - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed. This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1     through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the     issue. (CVE-2025-49125)

  - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the     Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache     Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are     recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-49124)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.42_security-10 advisory.

  - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in     Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from     2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the     issue. (CVE-2025-48976)

  - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using     PreResources or PostResources mounted other than at the root of the web application, it was possible to     access those resources via an unexpected path. That path was likely not to be protected by the same     security constraints as the expected path, allowing those security constraints to be bypassed. This issue     affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1     through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the     issue. (CVE-2025-49125)

  - Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the     Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache     Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are     recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. (CVE-2025-49124)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects     Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through     9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
    (CVE-2025-48988)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
243185	RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.1.1 (RHSA-2025:11741)	Nessus	Red Hat Local Security Checks	high
242932	RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.8.5 (RHSA-2025:11695)	Nessus	Red Hat Local Security Checks	high
242492	Debian dla-4245 : libcommons-fileupload-java - security update	Nessus	Debian Local Security Checks	high
242491	Debian dla-4244 : libtomcat9-embed-java - security update	Nessus	Debian Local Security Checks	high
242296	Oracle Database Server (July 2025 CPU)	Nessus	Databases	high
242262	F5 Networks BIG-IP : Apache Commons vulnerability (K000152614)	Nessus	F5 Networks Local Security Checks	high
241761	Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1064)	Nessus	Amazon Linux Local Security Checks	high
241736	Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-020)	Nessus	Amazon Linux Local Security Checks	high
241733	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)	Nessus	Amazon Linux Local Security Checks	high
241723	Amazon Linux 2 : tomcat (ALAS-2025-2920)	Nessus	Amazon Linux Local Security Checks	high
241129	SUSE SLES12 Security Update : jakarta-commons-fileupload (SUSE-SU-2025:02184-1)	Nessus	SuSE Local Security Checks	high
240893	SUSE SLES15 / openSUSE 15 Security Update : apache-commons-fileupload (SUSE-SU-2025:02159-1)	Nessus	SuSE Local Security Checks	high
114888	Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	high
114887	Apache Tomcat 10.1.0-M1 < 10.1.42 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	high
114886	Apache Tomcat 11.0.0-M1 < 11.0.8 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	high
240060	Apache Tomcat 9.0.0.M1 < 9.0.106 multiple vulnerabilities	Nessus	Web Servers	high
240059	Apache Tomcat 11.0.0.M1 < 11.0.8 multiple vulnerabilities	Nessus	Web Servers	high
240058	Apache Tomcat 10.1.0.M1 < 10.1.42 multiple vulnerabilities	Nessus	Web Servers	high

Detections

Analytics

CVE-2025-48976

high

Tenable Plugins

Coming Soon

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high