exploitDog

GHSA-h3gc-qfqq-6h8f

Опубликовано: 16 июн. 2025

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Apache Tomcat - DoS in multipart upload

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Ссылки

Пакеты

Наименование

org.apache.tomcat:tomcat-catalina

maven

Затронутые версииВерсия исправления

>= 11.0.0-M1, <= 11.0.7

11.0.8

Наименование

org.apache.tomcat:tomcat-catalina

maven

Затронутые версииВерсия исправления

>= 10.1.0-M1, <= 10.1.41

10.1.42

Наименование

org.apache.tomcat:tomcat-catalina

maven

Затронутые версииВерсия исправления

>= 9.0.0.M1, <= 9.0.105

9.0.106

Наименование

org.apache.tomcat.embed:tomcat-embed-core

maven

Затронутые версииВерсия исправления

>= 11.0.0-M1, <= 11.0.7

11.0.8

Наименование

org.apache.tomcat.embed:tomcat-embed-core

maven

Затронутые версииВерсия исправления

>= 10.1.0-M1, <= 10.1.41

10.1.42

Наименование

org.apache.tomcat.embed:tomcat-embed-core

maven

Затронутые версииВерсия исправления

>= 9.0.0.M1, <= 9.0.105

9.0.106

EPSS

Процентиль: 12%

0.00042

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-48988

CVSS3: 7.5

ubuntu

около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVE-2025-48988

CVSS3: 5.3

redhat

около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVE-2025-48988

CVSS3: 7.5

nvd

около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVE-2025-48988

CVSS3: 7.5

debian

около 2 месяцев назад

Allocation of Resources Without Limits or Throttling vulnerability in ...

ROS-20250710-14

CVSS3: 7.5

redos

около 1 месяца назад

Уязвимость tomcat

EPSS

Процентиль: 12%

0.00042

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

Дефекты

CWE-770