Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-48988

Опубликовано: 16 июн. 2025
Источник: debian
EPSS Низкий

Описание

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat11unfixedpackage
tomcat10unfixedpackage
tomcat9fixed9.0.70-2package

Примечания

  • Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version

  • https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18

  • https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8)

  • https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42)

  • https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106)

EPSS

Процентиль: 12%
0.00042
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-48988

CVSS3: 7.5
ubuntu
около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

redhat логотип

CVE-2025-48988

CVSS3: 5.3
redhat
около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

nvd логотип

CVE-2025-48988

CVSS3: 7.5
nvd
около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

github логотип

GHSA-h3gc-qfqq-6h8f

CVSS3: 7.5
github
около 2 месяцев назад

Apache Tomcat - DoS in multipart upload

redos логотип

ROS-20250710-14

CVSS3: 7.5
redos
около 1 месяца назад

Уязвимость tomcat

EPSS

Процентиль: 12%
0.00042
Низкий