Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-wr62-c79q-cv37

Опубликовано: 10 июл. 2025
Источник: github
Github: Прошло ревью
CVSS4: 6.3
CVSS3: 7.5

Описание

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Ссылки

Пакеты

Наименование

org.apache.tomcat:tomcat-catalina

maven
Затронутые версииВерсия исправления

>= 11.0.0-M1, < 11.0.9

11.0.9

Наименование

org.apache.tomcat:tomcat-catalina

maven
Затронутые версииВерсия исправления

>= 10.1.0-M1, < 10.1.43

10.1.43

Наименование

org.apache.tomcat:tomcat-catalina

maven
Затронутые версииВерсия исправления

>= 9.0.0.M1, < 9.0.107

9.0.107

EPSS

Процентиль: 16%
0.00052
Низкий

6.3 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-52520

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2025-52520

CVSS3: 7.5
ubuntu
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

redhat логотип

CVE-2025-52520

CVSS3: 3.7
redhat
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

nvd логотип

CVE-2025-52520

CVSS3: 7.5
nvd
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

debian логотип

CVE-2025-52520

CVSS3: 7.5
debian
23 дня назад

For some unlikely configurations of multipart upload, an Integer Overf ...

fstec логотип

BDU:2025-08953

CVSS3: 5.6
fstec
24 дня назад

Уязвимость сервера приложений Apache Tomcat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 16%
0.00052
Низкий

6.3 Medium

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2025-52520

Дефекты

CWE-190