CNNVD-202507-1409 Information

Jul 10, 2025 cve

CNNVD ID

CNNVD-202507-1409

CVE-2025-53506

CNNVD Published: 2025-07-10

Description (Chinese)

Apache Tomcat是美国阿帕奇（Apache）基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page（JSP）的支持。 Apache Tomcat存在资源管理错误漏洞，该漏洞源于HTTP/2客户端未确认初始设置帧，可能导致资源消耗不受控制。以下版本受到影响：11.0.0-M1至11.0.8版本、10.1.0-M1至10.1.42版本和9.0.0.M1至9.0.106版本。

Description (English)

Apache Tomcat is a lightweight Web application server for the Apache Foundation in the United States. Support for Servlet and JavaServer Page (JSP). Apache Tomcat had a resource management error loophole, which stemmed from the failure of the initial frame of the HTTP/2 client, which could lead to uncontrolled resource consumption. The following versions were affected: 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42 and 9.0.0.M1 to 9.0.106.

Hazard Level

Medium

Vulnerability Type

资源管理错误

Affected Vendor

阿帕奇

Published

2025-07-10

Last Modified

2026-02-24

References

https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0 https://nvd.nist.gov/vuln/detail/CVE-2025-53506 https://access.redhat.com/security/cve/cve-2025-53506

Patch

https://tomcat.apache.org/

Share on: