GHSA-25xr-qj8w-c4vf

Опубликовано: 10 июл. 2025

Источник: github

Github: Прошло ревью

CVSS4: 6.3

CVSS3: 7.5

Описание

Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Ссылки

Пакеты

Наименование

org.apache.tomcat:tomcat-coyote

maven

Затронутые версииВерсия исправления

>= 11.0.0-M1, < 11.0.9

11.0.9

Наименование

org.apache.tomcat:tomcat-coyote

maven

Затронутые версииВерсия исправления

>= 10.1.0-M1, < 10.1.43

10.1.43

Наименование

org.apache.tomcat:tomcat-coyote

maven

Затронутые версииВерсия исправления

>= 9.0.0.M1, < 9.0.107

9.0.107

EPSS

Процентиль: 16%

0.00052

Низкий

6.3 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-53506

Дефекты

CWE-400

Связанные уязвимости

CVE-2025-53506

CVSS3: 7.5

ubuntu

12 дней назад

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

CVE-2025-53506

CVSS3: 5.3

redhat

12 дней назад

CVE-2025-53506

CVSS3: 7.5

nvd

12 дней назад

CVE-2025-53506

CVSS3: 7.5

debian

12 дней назад

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...

EPSS

Процентиль: 16%

0.00052

Низкий

6.3 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-53506

Дефекты

CWE-400