On 30/10/2025 04:34, Thiru wrote:
> Hello Team,
>
> Good morning.
>
> I would greatly appreciate your guidance on the following question
> regarding CVE-2025-55752:
>
> In a default Tomcat setup, the RewriteValve is not enabled by default.
> Based on this, is it correct to assume that this vulnerability does not
> affect default Tomcat installations?

As long as the RewriteValve has not been enabled (keep in mind it could
be configured at either the Tomcat or the application level), a Tomcat
instance will not be vulnerable to this CVE.

If the RewriteValve has been enabled, it will depend on the content of
the rewrite rules. In that scenario, I'd view updating rather than
reviewing the rewrite rules as the safer option.

Mark

> Thank you for your time and assistance. I look forward to your insights.
>
> Kind regards,
> Thiru
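Because the valve can be enabled at either the Tomcat or the application level, checking `conf/server.xml` alone is not enough. The following is an added example, not part of the original thread and not Apache Tomcat project code: it scans a `CATALINA_BASE` directory for `RewriteValve` declarations. The function names and the `shop` application are hypothetical, and the sample files are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

REWRITE_VALVE = "org.apache.catalina.valves.rewrite.RewriteValve"

# Files where a <Valve> can be declared: container level and per application.
CONFIG_GLOBS = (
    "conf/server.xml",
    "conf/context.xml",
    "conf/*/*/*.xml",                  # conf/<engine>/<host>/<app>.xml
    "webapps/*/META-INF/context.xml",  # expanded applications only
)

def find_rewrite_valves(catalina_base):
    """Return sorted (relative path, parent tag) pairs; parent is None if the file did not parse."""
    base = Path(catalina_base)
    hits = []
    for pattern in CONFIG_GLOBS:
        for path in base.glob(pattern):
            rel = path.relative_to(base).as_posix()
            try:
                root = ET.parse(path).getroot()
            except ET.ParseError:
                hits.append((rel, None))  # cannot be ruled out: review by hand
                continue
            for parent in root.iter():
                for child in parent:
                    if child.tag == "Valve" and child.get("className") == REWRITE_VALVE:
                        hits.append((rel, parent.tag))
    return sorted(hits, key=lambda h: (h[0], h[1] or ""))

def build_sample(base):
    """Constructed layout: default-style server.xml plus one app that enables the valve."""
    files = {
        "conf/server.xml": '<Server><Service name="Catalina"><Engine name="Catalina">'
                           '<Host name="localhost" appBase="webapps">'
                           '<Valve className="org.apache.catalina.valves.AccessLogValve"/>'
                           '</Host></Engine></Service></Server>',
        "webapps/shop/META-INF/context.xml": f'<Context><Valve className="{REWRITE_VALVE}"/></Context>',
    }
    for rel, text in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, parent in find_rewrite_valves(tmp):
            print(f"RewriteValve declared in {rel} (parent element: {parent})")
```

Applications deployed as unexpanded WAR files are not inspected by this scan, so an empty result does not cover a `META-INF/context.xml` packaged inside a `.war`.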