Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-52520

Опубликовано: 10 июл. 2025
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.107 (исключая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 10.1.0 (включая) до 10.1.43 (исключая)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.0.9 (исключая)

EPSS

Процентиль: 45%
0.00226
Низкий

7.5 High

CVSS3

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2025-52520

CVSS3: 7.5
ubuntu
2 месяца назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

redhat логотип

CVE-2025-52520

CVSS3: 3.7
redhat
2 месяца назад

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

debian логотип

CVE-2025-52520

CVSS3: 7.5
debian
2 месяца назад

For some unlikely configurations of multipart upload, an Integer Overf ...

github логотип

GHSA-wr62-c79q-cv37

CVSS3: 7.5
github
2 месяца назад

Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

fstec логотип

BDU:2025-08953

CVSS3: 5.6
fstec
2 месяца назад

Уязвимость сервера приложений Apache Tomcat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 45%
0.00226
Низкий

7.5 High

CVSS3

Дефекты

CWE-190