Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2021-25122 CVE-2021-25329 |
CWE-ID | CWE-399 CWE-502 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Apache Tomcat Server applications / Web servers |
Vendor | Apache Foundation |
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU51014
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-25122
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when processing new h2c connection requests. A remote attacker can send specially crafted requests to the server and obtain contents of HTTP responses, served to other users.
Install updates from vendor's website.
Vulnerable software versionsApache Tomcat: 10.0.0 - 10.0.1, 9.0.0 - 9.0.42, 8.5.0 - 8.5.62, 8.0.0 - 8.0.53
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU51012
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-25329
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Note, the vulnerability exists due to incomplete fix for #VU28158 and requires a certain specific configuration.
Install updates from vendor's website.
Vulnerable software versionsApache Tomcat: 10.0.0 - 10.0.1, 9.0.0 - 9.0.42, 8.5.0 - 8.5.62, 8.0.0 - 8.0.53, 7.0.0 - 7.0.107
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?