Количество 12
Количество 12
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...
SUSE-SU-2025:01882-1
Security update for tomcat
GHSA-ff77-26x5-69cr
Apache Tomcat Rewrite rule bypass
BDU:2025-05707
Уязвимость сервера приложений Apache Tomcat, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
SUSE-SU-2025:1537-1
Security update for tomcat10
SUSE-SU-2025:1521-1
Security update for tomcat
SUSE-SU-2025:01537-1
Security update for tomcat10
SUSE-SU-2025:01521-1
Security update for tomcat
ROS-20250515-10
Множественные уязвимости tomcat
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. | CVSS3: 5.3 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
| CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ... | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:01882-1 Security update for tomcat | 0% Низкий | 5 месяцев назад | |
| GHSA-ff77-26x5-69cr Apache Tomcat Rewrite rule bypass | 0% Низкий | 6 месяцев назад | |
 | BDU:2025-05707 Уязвимость сервера приложений Apache Tomcat, связанная с недостатком механизма кодирования или экранирования выходных данных, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации | CVSS3: 9.8 | 0% Низкий | 6 месяцев назад |
| SUSE-SU-2025:1537-1 Security update for tomcat10 | 6 месяцев назад | ||
| SUSE-SU-2025:1521-1 Security update for tomcat | 6 месяцев назад | ||
| SUSE-SU-2025:01537-1 Security update for tomcat10 | 5 месяцев назад | ||
| SUSE-SU-2025:01521-1 Security update for tomcat | 5 месяцев назад | ||
 | ROS-20250515-10 Множественные уязвимости tomcat | CVSS3: 9.8 | 6 месяцев назад |
Уязвимостей на страницу