CNNVD-202508-1339 Information
CNNVD ID
CNNVD-202508-1339
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 11.0.0-M1至11.0.7版本、10.1.0-M1至10.1.41版本和9.0.0.M1至9.0.105版本存在授权问题漏洞,该漏洞源于rewrite valve导致的会话固定问题。
Description (English)
Apache Tomcat is a lightweight Web application server for the Apache Foundation in the United States. Support for Servlet and JavaServer Page (JSP). Appache Tomcat 11.0.0-M1 to 11.0.7, 10.1.0-M1 to 10.1.41 and 9.0.0.M1 to 9.0.105 had a mandate gap, which stemmed from fixed conversational problems caused by rewrite valve.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
阿帕奇
Published
2025-08-13
Last Modified
2026-02-24
References
https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47 https://nvd.nist.gov/vuln/detail/CVE-2025-55668 https://access.redhat.com/security/cve/cve-2025-55668 https://vigilance.fr/vulnerability/Apache-Tomcat-user-access-via-Rewrite-Valve-47965
Patch
https://tomcat.apache.org/security-11.html
Share on: