CVE-2025-31651 Apache Tomcat - Rewrite rule bypass
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.5
Apache Tomcat 10.1.0-M1 to 10.1.39
Apache Tomcat 9.0.0.M1 to 9.0.102
Description:
For a subset of unlikely rewrite rule configurations, i
CVE-2025-31650 Apache Tomcat - DoS via invalid HTTP prioritization header
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M2 to 11.0.5
Apache Tomcat 10.1.10 to 10.1.39
Apache Tomcat 9.0.76 to 9.0.102
Description:
Incorrect error handling for some i
On 28/04/2025 16:35, Christopher Schultz wrote:
ABT,
On 4/28/25 9:05 AM, A Name wrote:
We are looking at adding a second instance of our app (named differently --
myappA and myappB) to our Tomcat 9. We currently have the app installed at
a number of customer locations, we are looking at drop
ABT,
On 4/28/25 9:05 AM, A Name wrote:
We are looking at adding a second instance of our app (named differently --
myappA and myappB) to our Tomcat 9. We currently have the app installed at
a number of customer locations, we are looking at dropping 1 app
Currently, our database connections are
Ramesh,
On 4/28/25 7:00 AM, Ramesh B R wrote:
The application hosted on tomcat9 exposes soap api which is consumed by SAP.
On a daily basis we are getting 200 thousand transactions and out of that
we could see around 1000 to 2000 failed transactions due to CONNECTION
REFUSED, CONNECTION CLOSED
On Mon, Apr 28, 2025 at 9:32 AM Mark Thomas wrote:
> > On 28/04/2025 14:05, A Name wrote:
> > > We are looking at adding a second instance of our app (named differently --
> > > myappA and myappB) to our Tomcat 9. We currently have the app installed at
> > > a number of customer locations, w
On 28/04/2025 14:05, A Name wrote:
We are looking at adding a second instance of our app (named differently --
myappA and myappB) to our Tomcat 9. We currently have the app installed at
a number of customer locations, we are looking at dropping 1 app
Currently, our database connections are esta
We are looking at adding a second instance of our app (named differently --
myappA and myappB) to our Tomcat 9. We currently have the app installed at
a number of customer locations, we are looking at dropping 1 app
Currently, our database connections are established inside the GLOBAL
web.xml in
Hello all,
The application hosted on tomcat9 exposes soap api which is consumed by SAP.
On a daily basis we are getting 200 thousand transactions and out of that
we could see around 1000 to 2000 failed transactions due to CONNECTION
REFUSED, CONNECTION CLOSED and PARSE ERROR.
The application is r