fkie_nvd - fkie_cve-2025-31650

fkie_cve-2025-31650

Vulnerability from fkie_nvd

Published

2025-04-28 20:15

Modified

2025-08-08 12:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

References

▶	URL	Tags
	security@apache.org	https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/04/28/2	Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	tomcat	*
apache	tomcat	*
apache	tomcat	*
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0
apache	tomcat	11.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4F87EB-0046-4BAA-91C8-C60C60425186",
              "versionEndExcluding": "9.0.104",
              "versionStartIncluding": "9.0.76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC8AA6F-0BB4-4075-8F2B-DE39FD9A2BD8",
              "versionEndExcluding": "10.1.40",
              "versionStartIncluding": "10.1.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB4386-DB38-4808-924A-617CECE9F939",
              "versionEndExcluding": "11.0.6",
              "versionStartIncluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
              "matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
              "matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
              "matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
              "matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
              "matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
              "matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
              "matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
              "matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
              "matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*",
              "matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*",
              "matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*",
              "matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*",
              "matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*",
              "matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat. La gesti\u00f3n incorrecta de errores en algunos encabezados de prioridad HTTP no v\u00e1lidos provoc\u00f3 una limpieza incompleta de la solicitud fallida, lo que gener\u00f3 una fuga de memoria. Un gran n\u00famero de solicitudes de este tipo podr\u00eda generar una excepci\u00f3n OutOfMemoryException, lo que resulta en una denegaci\u00f3n de servicio. Este problema afecta a Apache Tomcat: de la 9.0.76 a la 9.0.102, de la 10.1.10 a la 10.1.39 y de la 11.0.0-M2 a la 11.0.5. Se recomienda actualizar a las versiones 9.0.104, 10.1.40 o 11.0.6, que solucionan el problema."
    }
  ],
  "id": "CVE-2025-31650",
  "lastModified": "2025-08-08T12:15:27.817",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-28T20:15:20.653",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/04/28/2"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2025-31650 (GCVE-0-2025-31650)

Vulnerability from cvelistv5

Published

2025-04-28 19:14

Modified

2025-08-08 11:43

Severity ?

CWE

CWE-459 - Incomplete Cleanup

Summary

References

►

URL

Tags

https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826

vendor-advisory