INFSA-2025:7497: tomcat security update
Information about definition
Identifier: INFSA-2025:7497
Type: security
Release date: 2025-07-15 19:21:20 UTC
Information about package
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Vulnerabilities description
- CVE-2025-24813
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat.
- CVE-2024-52316
A flaw was found in Apache Tomcat when configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component. This vulnerability allows authentication bypass via improperly handled exceptions during the authentication process.
- CVE-2024-54677
A flaw was found in the "examples" web application of Apache Tomcat. Numerous examples within that application did not place limits on uploaded data. This vulnerability can potentially trigger an out-of-memory (OOM) error, leading to a denial of service.
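CVE-2025-24813 is only reachable when the Default Servlet accepts writes, so the first thing to verify on an unpatched host is whether conf/web.xml (or an application's own WEB-INF/web.xml) has switched the DefaultServlet's "readonly" init-param off. The following check is an added example and is not part of this advisory or of Tomcat. It assumes Tomcat hands the raw parameter value to Java's Boolean.parseBoolean, so any value other than "true" (case-insensitive) disables read-only mode and an absent parameter leaves the servlet read-only; the web.xml it parses is constructed here for demonstration.

```python
"""Check whether a Tomcat web.xml leaves the Default Servlet write-enabled.

Added example; not part of the advisory or of Tomcat. The vulnerable
configuration for CVE-2025-24813 is org.apache.catalina.servlets.DefaultServlet
with its "readonly" init-param turned off (PUT/DELETE accepted).
Assumption: Tomcat reads the value with Boolean.parseBoolean, so only a
case-insensitive "true" keeps the servlet read-only; an absent parameter
means read-only (the shipped default).
"""
import xml.etree.ElementTree as ET
from typing import Optional

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Drop the Java EE / Jakarta EE namespace so any schema version matches."""
    return tag.rsplit("}", 1)[-1]


def _text(elem, name: str) -> Optional[str]:
    """Stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def default_servlet_init_params(web_xml: str) -> dict:
    """Init-params of the DefaultServlet <servlet> declaration ({} if absent)."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _text(servlet, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) == "init-param":
                name = _text(ip, "param-name")
                if name:
                    params[name] = _text(ip, "param-value") or ""
        return params
    return {}


def default_servlet_is_writable(web_xml: str) -> bool:
    """True when writes are enabled: readonly present and not 'true'."""
    params = default_servlet_init_params(web_xml)
    if "readonly" not in params:
        return False  # Tomcat default: read-only
    # Boolean.parseBoolean semantics (assumption): "no", "0", "off" all mean false
    return params["readonly"].strip().lower() != "true"


def sample_web_xml(readonly: Optional[str] = None) -> str:
    """Constructed web.xml for demonstration, modelled on Tomcat's shipped one."""
    ro = ""
    if readonly is not None:
        ro = (f"<init-param><param-name>readonly</param-name>"
              f"<param-value>{readonly}</param-value></init-param>")
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>{DEFAULT_SERVLET_CLASS}</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    {ro}
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""


if __name__ == "__main__":
    import sys
    # Usage: python check_default_servlet.py $CATALINA_BASE/conf/web.xml
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample_web_xml("false")
    state = "WRITE-ENABLED (readonly off)" if default_servlet_is_writable(src) else "read-only"
    print(f"DefaultServlet: {state}; init-params: {default_servlet_init_params(src)}")
```

Run it against $CATALINA_BASE/conf/web.xml and against every deployed application's WEB-INF/web.xml, since an application can redeclare the default servlet with its own init-params. A write-enabled result means the precondition for CVE-2025-24813 is present and the update should be applied before anything else; a read-only result does not remove the need to update, it only narrows the exposure.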
Severity level
CVE (source) | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
---|---|---|---
CVE-2024-52316 (NIST) | no information | 7.4 | no information
CVE-2024-54677 (NIST) | no information | 3.7 | no information
CVE-2025-24813 (NIST) | no information | 8.6 | no information
Updated packages