CVE-2021-25329

Published: 01/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that Tomcat did not properly validate the input length. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-9494, CVE-2021-25329, CVE-2021-41079)

Vulnerable Products

apache tomcat 9.0.0
apache tomcat 10.0.0
apache tomcat
debian debian linux 9.0
debian debian linux 10.0
oracle managed file transfer 12.2.1.3.0
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle instantis enterprisetrack 17.3
oracle agile plm 9.3.3
oracle agile plm 9.3.6
oracle database 12.2.0.1
oracle database 19c
oracle managed file transfer 12.2.1.4.0
oracle siebel ui framework
oracle mysql enterprise monitor
oracle graph server and client
oracle database 21c
oracle siebel ui framework 21.9
oracle communications cloud native core policy 1.14.0
oracle communications instant messaging server 10.0.1.5.0
oracle communications cloud native core security edge protection proxy 1.6.0

Vendor Advisories

Synopsis: Important: Red Hat Fuse 7.11.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
Several security issues were fixed in Tomcat ...
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u4. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer t ...
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system avai ...
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and th ...

References

CWE: NVD-CWE-noinfo

https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/03/01/2
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
https://security.netapp.com/advisory/ntap-20210409-0002/
https://www.debian.org/security/2021/dsa-4891
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.gentoo.org/glsa/202208-34
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
https://access.redhat.com/errata/RHSA-2022:5532
https://ubuntu.com/security/notices/USN-5360-1
https://nvd.nist.gov