Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-52520

Опубликовано: 10 июл. 2025
Источник: debian
EPSS Низкий

Описание

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat11unfixedpackage
tomcat10unfixedpackage
tomcat9fixed9.0.70-2package

Примечания

  • Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version

  • https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db (11.0.9)

  • https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c (10.1.43)

  • https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040 (9.0.107)

EPSS

Процентиль: 38%
0.00164
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-52520

CVSS3: 7.5
ubuntu
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

redhat логотип

CVE-2025-52520

CVSS3: 3.7
redhat
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

nvd логотип

CVE-2025-52520

CVSS3: 7.5
nvd
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

github логотип

GHSA-wr62-c79q-cv37

CVSS3: 7.5
github
23 дня назад

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

fstec логотип

BDU:2025-08953

CVSS3: 5.6
fstec
24 дня назад

Уязвимость сервера приложений Apache Tomcat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 38%
0.00164
Низкий