Tomcat — контейнер сервлетов с открытым исходным кодом
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 132
GHSA-25xr-qj8w-c4vf
Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams
GHSA-wr62-c79q-cv37
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
GHSA-4j3c-42xv-3f84
Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector
CVE-2025-53506
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
CVE-2025-53506
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...
CVE-2025-53506
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
CVE-2025-52520
For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
CVE-2025-52520
For some unlikely configurations of multipart upload, an Integer Overf ...
CVE-2025-52434
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue.
CVE-2025-52434
Concurrent Execution using Shared Resource with Improper Synchronizati ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-25xr-qj8w-c4vf Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| GHSA-wr62-c79q-cv37 Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| GHSA-4j3c-42xv-3f84 Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
 | CVE-2025-53506 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| CVE-2025-53506 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ... | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
 | CVE-2025-53506 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| CVE-2025-52520 For some unlikely configurations of multipart upload, an Integer Overf ... | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| CVE-2025-52434 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 9.0.107, which fixes the issue. | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
| CVE-2025-52434 Concurrent Execution using Shared Resource with Improper Synchronizati ... | CVSS3: 7.5 | 0% Низкий | 23 дня назад |
Уязвимостей на страницу