Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-53506

Опубликовано: 10 июл. 2025
Источник: debian
EPSS Низкий

Описание

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat11unfixedpackage
tomcat10unfixedpackage
tomcat9fixed9.0.70-2package

Примечания

  • Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version

  • https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b (11.0.9)

  • https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb (10.1.43)

  • https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b (9.0.107)

EPSS

Процентиль: 16%
0.00052
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-53506

CVSS3: 7.5
ubuntu
12 дней назад

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

redhat логотип

CVE-2025-53506

CVSS3: 5.3
redhat
12 дней назад

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

nvd логотип

CVE-2025-53506

CVSS3: 7.5
nvd
12 дней назад

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

github логотип

GHSA-25xr-qj8w-c4vf

CVSS3: 7.5
github
12 дней назад

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

EPSS

Процентиль: 16%
0.00052
Низкий