FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache Tomcat -- Multiple Vulnerabilities

Affected packages
11.0.0 < tomcat110 < 11.0.9
10.1.0 < tomcat101 < 10.1.43
9.0.0 < tomcat9 < 9.0.107

Details

VuXML ID ef87346f-5dd0-11f0-beb2-ac5afc632ba3
Discovery 2025-07-10
Entry 2025-07-10

security@apache.org reports:

A race condition on connection close could trigger a JVM crash when using the APR/Native connector leading to a DoS. This was particularly noticeable with client initiated closes of HTTP/2 connections.

An uncontrolled resource consumption vulnerability if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams could result in a DoS.

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability could lead to a DoS via bypassing of size limits.

References

CVE Name CVE-2025-52434
CVE Name CVE-2025-52520
CVE Name CVE-2025-53506
URL https://nvd.nist.gov/vuln/detail/CVE-2025-52434
URL https://nvd.nist.gov/vuln/detail/CVE-2025-52520
URL https://nvd.nist.gov/vuln/detail/CVE-2025-53506