Количество 21
Количество 21
CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
CVE-2025-49125
Authentication Bypass Using an Alternate Path or Channel vulnerability ...
GHSA-wc4r-xq3c-5cf3
Apache Tomcat - Security constraint bypass for pre/post-resources
BDU:2025-09499
Уязвимость сервера приложений Apache Tomcat, связанная с обходом процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации
ROS-20250822-05
Уязвимость tomcat10
ROS-20250822-04
Уязвимость tomcat
SUSE-SU-2025:02979-1
Security update for tomcat11
SUSE-SU-2025:02978-1
Security update for tomcat10
SUSE-SU-2025:02280-1
Security update for tomcat
SUSE-SU-2025:02261-1
Security update for tomcat10
SUSE-SU-2025:02214-1
Security update for tomcat
SUSE-SU-2025:03024-1
Security update for tomcat
RLSA-2025:14179
Important: tomcat security update
ELSA-2025-14179
ELSA-2025-14179: tomcat security update (IMPORTANT)
RLSA-2025:14178
Important: tomcat9 security update
RLSA-2025:14177
Important: tomcat security update
ELSA-2025-14181
ELSA-2025-14181: tomcat security update (IMPORTANT)
ELSA-2025-14178
ELSA-2025-14178: tomcat9 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | CVSS3: 3.7 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
| CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel vulnerability ... | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
| GHSA-wc4r-xq3c-5cf3 Apache Tomcat - Security constraint bypass for pre/post-resources | 0% Низкий | 5 месяцев назад | |
 | BDU:2025-09499 Уязвимость сервера приложений Apache Tomcat, связанная с обходом процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
 | ROS-20250822-05 Уязвимость tomcat10 | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
| ROS-20250822-04 Уязвимость tomcat | CVSS3: 7.5 | 0% Низкий | 2 месяца назад |
 | SUSE-SU-2025:02979-1 Security update for tomcat11 | 2 месяца назад | ||
| SUSE-SU-2025:02978-1 Security update for tomcat10 | 2 месяца назад | ||
| SUSE-SU-2025:02280-1 Security update for tomcat | 4 месяца назад | ||
| SUSE-SU-2025:02261-1 Security update for tomcat10 | 4 месяца назад | ||
| SUSE-SU-2025:02214-1 Security update for tomcat | 4 месяца назад | ||
| SUSE-SU-2025:03024-1 Security update for tomcat | 2 месяца назад | ||
 | RLSA-2025:14179 Important: tomcat security update | около 1 месяца назад | ||
| ELSA-2025-14179 ELSA-2025-14179: tomcat security update (IMPORTANT) | 2 месяца назад | ||
| RLSA-2025:14178 Important: tomcat9 security update | около 1 месяца назад | ||
| RLSA-2025:14177 Important: tomcat security update | около 2 месяцев назад | ||
| ELSA-2025-14181 ELSA-2025-14181: tomcat security update (IMPORTANT) | 3 месяца назад | ||
| ELSA-2025-14178 ELSA-2025-14178: tomcat9 security update (IMPORTANT) | 2 месяца назад |
Уязвимостей на страницу