Описание
For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
A denial of service flaw was found in Apache Tomcat. For some unlikely configurations of multipart upload, an integer overflow vulnerability may lead to a denial of service via bypassing size limits.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tomcat6 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | tomcat | Fix deferred | ||
| Red Hat Enterprise Linux 8 | pki-deps:10.6/pki-servlet-engine | Fix deferred | ||
| Red Hat Enterprise Linux 9 | pki-servlet-engine | Fix deferred | ||
| Red Hat Enterprise Linux 10 | tomcat9 | Fixed | RHSA-2025:14178 | 20.08.2025 |
| Red Hat Enterprise Linux 10 | tomcat | Fixed | RHSA-2025:14179 | 20.08.2025 |
| Red Hat Enterprise Linux 8 | tomcat | Fixed | RHSA-2025:14177 | 20.08.2025 |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | tomcat | Fixed | RHSA-2025:14182 | 20.08.2025 |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | tomcat | Fixed | RHSA-2025:14182 | 20.08.2025 |
| Red Hat Enterprise Linux 9 | tomcat | Fixed | RHSA-2025:14181 | 20.08.2025 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
Связанные уязвимости
For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
For some unlikely configurations of multipart upload, an Integer Overf ...
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
Уязвимость сервера приложений Apache Tomcat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
3.7 Low
CVSS3