CNNVD-202507-1406 Information

CNNVD ID

CNNVD-202507-1406

CVE-2025-52520

  • CNNVD Published: 2025-07-10

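Description (translated from Chinese)

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States), used to implement support for Servlet and JavaServer Page (JSP). Apache Tomcat contains an input validation error vulnerability, which stems from an integer overflow and may allow size limits to be bypassed. The following versions are affected: 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42 and 9.0.0.M1 to 9.0.106.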

Description (English)

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States). It provides support for Servlet and JavaServer Page (JSP). Apache Tomcat has an input validation error that originates from an integer overflow and may lead to bypassing the size limit. The following versions are affected: 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42 and 9.0.0.M1 to 9.0.106.

Hazard Level

Medium

Vulnerability Type

Input validation error

Affected Vendor

Apache

Published

2025-07-10

Last Modified

2026-02-24

References

  • https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5
  • https://nvd.nist.gov/vuln/detail/CVE-2025-52520
  • https://www.oracle.com/security-alerts/cpuoct2025.html
  • https://access.redhat.com/security/cve/cve-2025-52520

Patch

https://tomcat.apache.org/
