Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-55668

Опубликовано: 13 авг. 2025
Источник: debian

Описание

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat11fixed11.0.11-1package
tomcat10fixed10.1.46-1package
tomcat9fixed9.0.70-2package

Примечания

  • Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version

  • https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47

  • https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21 (11.0.8)

  • https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6 (10.1.42)

  • https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95 (9.0.106)

Связанные уязвимости

ubuntu логотип

CVE-2025-55668

CVSS3: 6.5
ubuntu
3 месяца назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

redhat логотип

CVE-2025-55668

CVSS3: 6.5
redhat
3 месяца назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

nvd логотип

CVE-2025-55668

CVSS3: 6.5
nvd
3 месяца назад

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

github логотип

GHSA-23hv-mwm6-g8jf

CVSS3: 6.5
github
3 месяца назад

Apache Tomcat Session Fixation vulnerability

fstec логотип

BDU:2025-09900

CVSS3: 6.5
fstec
5 месяцев назад

Уязвимость сервера приложений Apache Tomcat, связанная с недостатками разграничения доступа, позволяющая нарушителю перехватить сеанс и получить доступ к учетной записи пользователя