CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

http://www.openwall.com/lists/oss-security/2021/03/01/2
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:-:*:*:*:*:*:*

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

Exploitability v3.1

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
HIGH	LOCAL	LOW	UNCHANGED	NONE

Impact v3.1

Confidentiality	Integrity	Availability
HIGH	HIGH	HIGH

Common Vulnerabilities and Exposures

CVE vulnerability data CVE-2021-25329

CVE-2021-25329

Access

Impact

Exploitability v3.1

Impact v3.1

Related Articles

Company

Resources

Products

Legal

Common Vulnerabilities and Exposures

CVE vulnerability data CVE-2021-25329

CVE-2021-25329

Access

Impact

Exploitability v3.1

Impact v3.1

Tags:

Related Articles