CVE-2025-24813
Published Mar 10, 2025
Last updated 4 months ago
AI description
CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.
- Description
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache Tomcat Path Equivalence Vulnerability
- Exploit added on
- Apr 1, 2025
- Exploit action due
- Apr 22, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
还原漏洞调用链:CVE-2025-24813 Tomcat 反序列化漏洞源码深度解析 攻击者可执行任意代码: 默认 Servlet 启用了写权 限默认禁用 启用了部分PUT请求支持 默认启用 应用程序使用 Tomcat 的基于文件的会话持久化(默
@hackerkiki_6
22 Jul 2025
1431 Impressions
0 Retweets
33 Likes
0 Bookmarks
0 Replies
0 Quotes
This article delves into security risks posed by unpatched Apache Tomcat and Camel instances. We present an in-depth analysis of CVE-2025-24813 and CVE-2025-27636 and CVE-2025-29891 as well as findings from our telemetry (including exploit payloads). https://t.co/FogfF5t2xU https
@Unit42_Intel
15 Jul 2025
4223 Impressions
22 Retweets
62 Likes
14 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 Tomcatに新たな脅威!早急な対策が必須です。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
14 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 重要なセキュリティ情報です。早急な対応を! Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXCGbe #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
14 Jul 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 重要!Apache Tomcatの脆弱性にご注意ください。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
10 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【脆弱性分析】Apacheが提供する主要製品に深刻な脆弱性が相次いで発見された。TomcatのCVE-2025-24813と、CamelのCVE-2025-27636、CVE-2025-29891の3つが2025年3月に公開され、いずれもリモートコード実行を可能にする。 Tom
@nakajimeeee
5 Jul 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ RCE flaws in Apache Tomcat (CVE-2025-24813) & Camel (CVE-2025-27636/29891) under active attack. 🚨 Exploits use partial PUT & header case tricks. 🔧 Patch now. Over 125K attempts detected. Read more: https://t.co/tO1iixhgQb #Apache #CVE2025 #CyberSecurity
@threatsbank
5 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Apache disclosed critical RCE bugs: CVE-2025-24813 in Tomcat, CVE-2025-27636 & CVE-2025-29891 in Camel. Millions of developers at risk. Patch ASAP."
@Tudorel92659164
4 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello everyone, I and my dear buddy @soltanali0 spent our time to analysis the this CVE-2025-24813 yesterday and we've written it down , we decided share it with you –– coming soon
@MrKlaus1337
4 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello everyone, today I and my dear buddy @soltanali0 spent our time to analysis the this CVE-2025-24813 and we've written down it , we decided share it with you –– coming soon
@MrKlaus1337
4 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Foundationは2025年、TomcatとCamelに重大な脆弱性が存在することを公表した。TomcatのCVE-2025-24813は、HTTP PUTリクエストを悪用し、セッション永続化が有効な環境でリモートコード実行を可能にする。
@yousukezan
3 Jul 2025
819 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Apache Tomcat bajo fuego: CVE-2025-24813 (RCE pre-auth vía partial PUT) ya observado en la wild. Parchéalo YA. 😉 #CVE2025 #ApacheTomcat #bugbountytips https://t.co/NYVv53pu9j
@gorkaelbochi
3 Jul 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Apache Tomcat (CVE-2025-24813) & Camel (CVE-2025-27636, CVE-2025-29891) exposed millions to remote code execution. Widespread scans and exploits highlight the urgent need for patches. 🚨 #SecurityAlert #OpenSource #UK https://t.co/Tp9rRTLiPD
@TweetThreatNews
3 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 1/ 🚨 #Apache bajo ataque: Vulnerabilidades en Tomcat (Partial PUT CVE-2025-24813) y Camel (Header Hijack CVE-2025-27636) revelan riesgos críticos. Descubiertos recientemente, pueden ser explotados para comprometer sistemas. 🌐 Detalles: https://t.co/DlFPoXSyxT
@x_sentinel99263
3 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
【アーカイブ】 重要なセキュリティ情報!対策はお早めに。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
2 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-24813: Apache Tomcat potential RCE and/or information disclosure and/or information corruption with partial PUT ZoomEye Link: https://t.co/IHs6PYm1JQ ZoomEye Dork: app="Apache Tomcat" Results: 815,431 Advisory: https://t.co/CxmqZXS3Sh PoC: https://t.co/ptDYkVO0
@DarkWebInformer
18 Jun 2025
16599 Impressions
77 Retweets
265 Likes
133 Bookmarks
3 Replies
0 Quotes
Cybersecurity analysts detect ongoing brute-force campaigns targeting exposed Apache Tomcat Manager panels from hundreds of malicious IPs ✋. Strong authentication & timely patching are vital, especially after CVE-2025-24813. #Tomcat #Security #UK https://t.co/adbPF73uRj
@TweetThreatNews
11 Jun 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#Vulnerability #apacheTomcat CISA Flags Apache Tomcat CVE-2025-24813 as Actively Exploited with 9.8 CVSS https://t.co/kQK83S8mE2
@Komodosec
6 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ New SOC Alert: Apache Tomcat Serialized Payload RCE CVE-2025-24813 is a critical Apache Tomcat RCE vulnerability caused by path equivalence in HTTP PUT handling, allowing attackers to upload malicious payloads and execute arbitrary code remotely. 🙍 Role: Incident ht
@LetsDefendIO
31 May 2025
4917 Impressions
12 Retweets
85 Likes
38 Bookmarks
0 Replies
1 Quote
『Arctera/Veritas Desktop Laptop Option versions: 9.7, 9.8, 9.8.1, 9.8.2, 9.8.3 and 9.9. Earlier unsupported versions may be affected as well.』 CVE-2024-38475 CVE-2025-24813 Desktop Laptop Option (DLO) Apache HTTP Server and Tomcat Vulnerabilities https://t.co/epylioiFMb
@autumn_good_35
29 May 2025
255 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی برای وب سرور apache Tomcat آسیب پذیری با کد شناسایی CVE-2025-24813 از نوع RCE و با نمره آسیب پذیری 9.9 منتشر شده است. اکسپلویت این آسیب پذیری با استفاده از متد put بو
@AmirHossein_sec
27 May 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatに重大なRCE脆弱性(CVE-2025-24813)が発見され、PoCも公開済み。特定の非デフォルト設定下で悪用可能。速やかなアップデートと設定の見直しが推奨される。 https://t.co/uKSrbV4PAW
@01ra66it
26 May 2025
5688 Impressions
35 Retweets
82 Likes
28 Bookmarks
0 Replies
2 Quotes
CVE-2025-24813: Path Equivalence: 'https://t.co/65d0g2MyZk' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat:
@cyber_advising
25 May 2025
924 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-24813
@transilienceai
15 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 The first post of my new blog "Exploring CVE-2025-24813: Remote Code Execution via Tomcat Session Deserialization" is now live! https://t.co/51tvcG0nlq
@devoo1337
12 May 2025
1094 Impressions
6 Retweets
24 Likes
11 Bookmarks
0 Replies
1 Quote
Apache Tomcat の脆弱性 CVE-2025-31650/31651 が FIX:DoS とルール・バイパスの恐れ https://t.co/qd4baOiT2c Apache Tomcat に新たな脆弱性が発見されました。なお、同ツールでは、3月以降から別の脆弱性 CVE-2025-24813 の悪用が
@iototsecnews
12 May 2025
289 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
1 Quote
🛡️アウトブレイクアラート🛡️ 👉Apache Tomcat RCE CVE-2025-24813はApache Tomcatのpartial PUT機能の認証されていないリモートコード実行の脆弱性です。 脆弱性のエクスプロイトコードは一般入手可能で、攻撃の開
@FortinetJapan
1 May 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Apache Tomcat flaw (CVE-2025-24813) actively exploited! Hackers bypass rules & execute code. Forget patching or WAFs—WEBOUNCER by https://t.co/YvUrFmPcXS is the ultimate web app security solution. No upgrades needed, unmatched protection. #impenetrable #Cybersecuri
@BrainLabVisions
29 Apr 2025
39 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet https://t.co/NxlZbJZ9dt #bugbounty #bugbountytips #bugbountytip
@bountywriteups
27 Apr 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚡ CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content adde... 👨🏻💻 sw0rd1ight ➟ Internet Bug Bounty 🟥 High 💰 $4,323 🔗 https://t.co/N5uSAw7XOJ #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/Yufoz6L9
@h1Disclosed
27 Apr 2025
1276 Impressions
5 Retweets
28 Likes
10 Bookmarks
0 Replies
0 Quotes
2025 Bug Bounties! Hunt: CVE-2025-30406: Gladinet key CVE-2025-29824: Windows EoP CVE-2025-24054: NTLM theft CVE-2025-24813: Tomcat bug CVE-2025-32433: SSH RCE Burp, Amass. Big bounties! Get Bug Bounty Guide 2025! #BugBounty #VulnHunting2025 https://t.co/tin4q4LnYa
@Viper_Droidd
21 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat CVE-2025-24813 brings RCE concerns. Key points: • Patches available—upgrade if you can. • Most setups are secure unless misconfigured. • Claims of active exploitation may be overstated. Stay updated by subscribing to our blog: https://t.co/0CR2oUy2R9 https://t
@behkfox
21 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Alert: A severe RCE vulnerability (CVE-2025-24813) has been identified in Apache Tomcat, capable of allowing unauthorized remote code execution. Affected versions range from 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. https://t.co/ppcp1xs5gh
@The4n6Analyst
21 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
16 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/L82vzIXGBh https://t.co/0uEcG2Tkdb
@Yanivzadok
14 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 is a critical security issue that affects Apache Tomcat versions from 9.0.0.M1 to 11.0.2. It allows remote code execution, information disclosure and malicious content injection https://t.co/9qnrIMKfHD
@cyber_advising
11 Apr 2025
6262 Impressions
41 Retweets
147 Likes
75 Bookmarks
1 Reply
0 Quotes
احذر #RCE وتسرب المعلومات! ثغرة #Apache Tomcat CVE-2025-24813! تحقق من مدونة https://t.co/gKKiwWrA0u للحصول على التفاصيل! ☑️الإصدارات المعرضة للثغرة ☑️شروط الهجوم ☑️اكتشاف خادم Apache Tomcat ☑️كيفية الاستجابة للحصول على تحليل فني كامل وكيفية الاستجابة: https://t.co/AAwEJVcWez h
@CriminalIP_AR
10 Apr 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
米当局は、Apache Tomcatの脆弱性「CVE-2025-24813」が悪用されていると警告。リモートコード実行が可能で、4月1日に「悪用が確認された脆弱性カタログ」に追加された。開発チームは3月に修正を公開、WAFでの検出回避の可能性もあり注意が呼びかけられている。
@karukaruit
8 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Se detecta PoC activa explotando RCE en Apache Tomcat (CVE-2025-24813) https://t.co/ncil3Vbl7E
@tpx_Security
7 Apr 2025
231 Impressions
3 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
6 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
''Apache Tomcat CVE-2025-24813: What You Need to Know | Rapid7 Blog'' #infosec #pentest #redteam #blueteam https://t.co/uWBoxEmcKi
@CyberWarship
6 Apr 2025
3264 Impressions
11 Retweets
48 Likes
19 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
6 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2. Contexto de Ameaças em Projetos Apache: - Vulnerabilidades em projetos Apache são alvos frequentes. Exemplo recente: CVE-2025-24813 no Tomcat (CVSS 9.8), explorado em 30 horas após divulgação.
@pedroco53915492
5 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat: Potential RCE Severity : Critical CVE-2025-24813 Exploit : https://t.co/6ggKgBQrYu Refrence : https://t.co/6gGeOYAdAp #ApacheTomcat #bugbounty #RCE https://t.co/m34WUgLFqv
@wgujjer11
5 Apr 2025
12275 Impressions
83 Retweets
352 Likes
212 Bookmarks
2 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
4 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/YkIdevDmBC https://t.co/xy8qFC27xK
@epichol
3 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
3 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/oBqikaW4Tc
@Teeeda_worker
3 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/m8AfDzhwCG
@CyberNote_media
3 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAA3CD29-4D05-4F58-BE63-0A100C010AF0",
"versionEndExcluding": "9.0.99",
"versionStartIncluding": "9.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "108D9F43-5A29-475E-9EE2-66CE8899B318",
"versionEndExcluding": "10.1.35",
"versionStartIncluding": "10.1.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7E3D41F-F7C8-4BAB-A80B-287FACB0F7E4",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]