Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7d6d3f21 by Salvatore Bonaccorso at 2025-05-30T06:35:56+02:00
Add CVE-2025-46701/tomcat*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,7 +59,18 @@ CVE-2025-46823 (openmrs-module-fhir2 provides the FHIR REST 
API and related serv
 CVE-2025-46722 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache 
Tomcat's ...)
-       TODO: check
+       - tomcat11 <unfixed>
+       - tomcat10 <unfixed>
+       - tomcat9 9.0.70-2
+       [bullseye] - tomcat9 <postponed> (Minor issue, unlikely access control 
bypass, fix along with next DLA)
+       NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server 
stack, using that as the fixed version
+       NOTE: https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j
+       NOTE: 
https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2
 (11.0.7)
+       NOTE: 
https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a
 (11.0.7)
+       NOTE: 
https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5
 (10.1.41)
+       NOTE: 
https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558
 (10.1.41)
+       NOTE: 
https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74
 (9.0.105)
+       NOTE: 
https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605
 (9.0.105)
 CVE-2025-46570 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2025-46080 (HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can 
exploit ...)
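Review bot: The `- tomcat9 9.0.70-2` line marks a version as fixed that predates the upstream 9.0.x fix, which the NOTE lines place in 9.0.105, so the entry rests entirely on the "no longer ships the server stack" NOTE. That NOTE would be easier to verify later if it also named the affected component and stated that it belongs to the server stack, since the CVE description in the context line is truncated. The `[bullseye]` line is consistent with this reading, as it treats the older tomcat9 as still affected and postpones the fix. The `<unfixed>` states for tomcat10 and tomcat11 match the NOTE lines, which give 10.1.41 and 11.0.7 as the upstream fixed versions.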



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d6d3f210ea70e98d27aaa9fbe6df95e4cf575ba
