Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-55668

Опубликовано: 13 авг. 2025
Источник: debian
EPSS Низкий

Описание

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat11unfixedpackage
tomcat10unfixedpackage
tomcat9fixed9.0.70-2package

Примечания

  • Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version

  • https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47

  • https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21 (11.0.8)

  • https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6 (10.1.42)

  • https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95 (9.0.106)

EPSS

Процентиль: 1%
0.00012
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-55668

CVSS3: 6.5
ubuntu
13 дней назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

redhat логотип

CVE-2025-55668

CVSS3: 6.5
redhat
15 дней назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

nvd логотип

CVE-2025-55668

CVSS3: 6.5
nvd
15 дней назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

github логотип

GHSA-23hv-mwm6-g8jf

CVSS3: 6.5
github
15 дней назад

Apache Tomcat Session Fixation vulnerability

fstec логотип

BDU:2025-09900

CVSS3: 6.5
fstec
3 месяца назад

Уязвимость сервера приложений Apache Tomcat, связанная с недостатками разграничения доступа, позволяющая нарушителю перехватить сеанс и получить доступ к учетной записи пользователя

EPSS

Процентиль: 1%
0.00012
Низкий