CVE-2025-24813
Published Mar 10, 2025
Last updated 5 months ago
- Description
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- tomcat, debian_linux, bootstrap_os
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache Tomcat Path Equivalence Vulnerability
- Exploit added on
- Apr 1, 2025
- Exploit action due
- Apr 22, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Security failures don’t start with CVE disclosure. This case study of CVE-2025-24813 shows why routine upgrades, not alerts, determine outcomes. - https://t.co/7GulvkdyWc #securitylifecyclemanagement #cve
@hackernoon
2 Feb 2026
200 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just completed "Apache Tomcat 9.0.0-9.0.98/10.1.0-10.1.34/11.0.0-11.0.2 Remote Code Execution (CVE-2025-24813)" lab on @hackviserr 🚀
@Cyb3rb4b3x0x0
4 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - brs6412/CVE-2025-24813: Example PoC for CVE-2025-24813 (Tomcat RCE) https://t.co/YVOqPMwYcM
@akaclandestine
19 Oct 2025
8612 Impressions
34 Retweets
131 Likes
59 Bookmarks
0 Replies
0 Quotes
GitHub - drcrypterdotru/Apache-GOExploiter: Apache (CVE-2025-24813) GOExploiter Checker & Exploiter very Fast https://t.co/dHGH4Iaz0i
@akaclandestine
8 Oct 2025
3537 Impressions
12 Retweets
50 Likes
33 Bookmarks
0 Replies
1 Quote
CVE-2025-24813: Path Equivalence: 'https://t.co/65d0g2N6OS' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. https://t.co/tsQeiVT1fg
@cyber_advising
15 Sept 2025
1498 Impressions
9 Retweets
24 Likes
12 Bookmarks
0 Replies
0 Quotes
Apache (CVE-2025-24813) GOExploiter Checker & Exploiter very Fast Topics go shell golang scanner bug apache tomcat access bounty auto mass exploiter cve-2025-24813 https://t.co/Q7WHTdHEvL https://t.co/X7xFk4qZuP
@crypter66921
31 Aug 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - x00byte/PutScanner: A tool that identifies writable web directories in Apache Tomcat via HTTP PUT method [CVE-2025-24813] https://t.co/jD17aO67xa
@akaclandestine
16 Aug 2025
1115 Impressions
3 Retweets
12 Likes
4 Bookmarks
0 Replies
0 Quotes
Moving forward with my personal testing, today I'm working on PoC:RCE on Tomcat via serialized payloads (CVE-2025-24813) #Hacking #Cybersecurity #EthicalHacking 💻🤖 https://t.co/HjGmRVziwu
@Hack32_
12 Aug 2025
242 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Hello hackers! 🧨🔥 [CVE-2025-24813] Exploit from ZERO in Python — Apache Tomcat RCE (Deserialization PoC) 🔥Here is the link to the video on YouTube, please like and subscribe, it is very helpful. https://t.co/ofWkztQ9Oi happy hacking! happy bug bounty hackers🚀🔥
@Z3R0NYX
3 Aug 2025
8019 Impressions
31 Retweets
190 Likes
111 Bookmarks
2 Replies
0 Quotes
Hello hackers! 🧨🔥 [CVE-2025-24813] Exploit from ZERO in Python — Apache Tomcat RCE (Deserialization PoC) 🔥Here is the link to the video on YouTube, please like and subscribe, it is very helpful. https://t.co/ofWkztQHDQ happy hacking! happy bug bounty!💥🔥🚀 https
@Z3R0NYX
3 Aug 2025
1406 Impressions
3 Retweets
24 Likes
4 Bookmarks
0 Replies
0 Quotes
还原漏洞调用链:CVE-2025-24813 Tomcat 反序列化漏洞源码深度解析 漏洞分析 第一部分:上传恶意代码保存成文件 发现只能使用bytes类型,其他不支持 第一部分重点跟进这个方法:executePartialPut 技术联系:https://t.c
@Brave94548
31 Jul 2025
1551 Impressions
0 Retweets
44 Likes
0 Bookmarks
0 Replies
0 Quotes
还原漏洞调用链:CVE-2025-24813 Tomcat 反序列化漏洞源码深度解析 攻击者可执行任意代码: 默认 Servlet 启用了写权 限默认禁用 启用了部分PUT请求支持 默认启用 应用程序使用 Tomcat 的基于文件的会话持久化(默
@hackerkiki_6
22 Jul 2025
1431 Impressions
0 Retweets
33 Likes
0 Bookmarks
0 Replies
0 Quotes
This article delves into security risks posed by unpatched Apache Tomcat and Camel instances. We present an in-depth analysis of CVE-2025-24813 and CVE-2025-27636 and CVE-2025-29891 as well as findings from our telemetry (including exploit payloads). https://t.co/FogfF5t2xU https
@Unit42_Intel
15 Jul 2025
4223 Impressions
22 Retweets
62 Likes
14 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 Tomcatに新たな脅威!早急な対策が必須です。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
14 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 重要なセキュリティ情報です。早急な対応を! Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXCGbe #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
14 Jul 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
【アーカイブ】 重要!Apache Tomcatの脆弱性にご注意ください。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
10 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【脆弱性分析】Apacheが提供する主要製品に深刻な脆弱性が相次いで発見された。TomcatのCVE-2025-24813と、CamelのCVE-2025-27636、CVE-2025-29891の3つが2025年3月に公開され、いずれもリモートコード実行を可能にする。 Tom
@nakajimeeee
5 Jul 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ RCE flaws in Apache Tomcat (CVE-2025-24813) & Camel (CVE-2025-27636/29891) under active attack. 🚨 Exploits use partial PUT & header case tricks. 🔧 Patch now. Over 125K attempts detected. Read more: https://t.co/tO1iixhgQb #Apache #CVE2025 #CyberSecurity
@threatsbank
5 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Apache disclosed critical RCE bugs: CVE-2025-24813 in Tomcat, CVE-2025-27636 & CVE-2025-29891 in Camel. Millions of developers at risk. Patch ASAP."
@Tudorel92659164
4 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello everyone, I and my dear buddy @soltanali0 spent our time to analysis the this CVE-2025-24813 yesterday and we've written it down , we decided share it with you –– coming soon
@MrKlaus1337
4 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello everyone, today I and my dear buddy @soltanali0 spent our time to analysis the this CVE-2025-24813 and we've written down it , we decided share it with you –– coming soon
@MrKlaus1337
4 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Foundationは2025年、TomcatとCamelに重大な脆弱性が存在することを公表した。TomcatのCVE-2025-24813は、HTTP PUTリクエストを悪用し、セッション永続化が有効な環境でリモートコード実行を可能にする。
@yousukezan
3 Jul 2025
819 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Apache Tomcat bajo fuego: CVE-2025-24813 (RCE pre-auth vía partial PUT) ya observado en la wild. Parchéalo YA. 😉 #CVE2025 #ApacheTomcat #bugbountytips https://t.co/NYVv53pu9j
@gorkaelbochi
3 Jul 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Apache Tomcat (CVE-2025-24813) & Camel (CVE-2025-27636, CVE-2025-29891) exposed millions to remote code execution. Widespread scans and exploits highlight the urgent need for patches. 🚨 #SecurityAlert #OpenSource #UK https://t.co/Tp9rRTLiPD
@TweetThreatNews
3 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 1/ 🚨 #Apache bajo ataque: Vulnerabilidades en Tomcat (Partial PUT CVE-2025-24813) y Camel (Header Hijack CVE-2025-27636) revelan riesgos críticos. Descubiertos recientemente, pueden ser explotados para comprometer sistemas. 🌐 Detalles: https://t.co/DlFPoXSyxT
@x_sentinel99263
3 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
【アーカイブ】 重要なセキュリティ情報!対策はお早めに。 Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 https://t.co/fADMZXC8lG #cybernote #ブログ仲間と繋がりたい #Webライター
@CyberNote_media
2 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-24813: Apache Tomcat potential RCE and/or information disclosure and/or information corruption with partial PUT ZoomEye Link: https://t.co/IHs6PYm1JQ ZoomEye Dork: app="Apache Tomcat" Results: 815,431 Advisory: https://t.co/CxmqZXS3Sh PoC: https://t.co/ptDYkVO0
@DarkWebInformer
18 Jun 2025
16599 Impressions
77 Retweets
265 Likes
133 Bookmarks
3 Replies
0 Quotes
Cybersecurity analysts detect ongoing brute-force campaigns targeting exposed Apache Tomcat Manager panels from hundreds of malicious IPs ✋. Strong authentication & timely patching are vital, especially after CVE-2025-24813. #Tomcat #Security #UK https://t.co/adbPF73uRj
@TweetThreatNews
11 Jun 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#Vulnerability #apacheTomcat CISA Flags Apache Tomcat CVE-2025-24813 as Actively Exploited with 9.8 CVSS https://t.co/kQK83S8mE2
@Komodosec
6 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ New SOC Alert: Apache Tomcat Serialized Payload RCE CVE-2025-24813 is a critical Apache Tomcat RCE vulnerability caused by path equivalence in HTTP PUT handling, allowing attackers to upload malicious payloads and execute arbitrary code remotely. 🙍 Role: Incident ht
@LetsDefendIO
31 May 2025
4917 Impressions
12 Retweets
85 Likes
38 Bookmarks
0 Replies
1 Quote
『Arctera/Veritas Desktop Laptop Option versions: 9.7, 9.8, 9.8.1, 9.8.2, 9.8.3 and 9.9. Earlier unsupported versions may be affected as well.』 CVE-2024-38475 CVE-2025-24813 Desktop Laptop Option (DLO) Apache HTTP Server and Tomcat Vulnerabilities https://t.co/epylioiFMb
@autumn_good_35
29 May 2025
255 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی برای وب سرور apache Tomcat آسیب پذیری با کد شناسایی CVE-2025-24813 از نوع RCE و با نمره آسیب پذیری 9.9 منتشر شده است. اکسپلویت این آسیب پذیری با استفاده از متد put بو
@AmirHossein_sec
27 May 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatに重大なRCE脆弱性(CVE-2025-24813)が発見され、PoCも公開済み。特定の非デフォルト設定下で悪用可能。速やかなアップデートと設定の見直しが推奨される。 https://t.co/uKSrbV4PAW
@01ra66it
26 May 2025
5688 Impressions
35 Retweets
82 Likes
28 Bookmarks
0 Replies
2 Quotes
CVE-2025-24813: Path Equivalence: 'https://t.co/65d0g2MyZk' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat:
@cyber_advising
25 May 2025
924 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-24813
@transilienceai
15 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 The first post of my new blog "Exploring CVE-2025-24813: Remote Code Execution via Tomcat Session Deserialization" is now live! https://t.co/51tvcG0nlq
@devoo1337
12 May 2025
1094 Impressions
6 Retweets
24 Likes
11 Bookmarks
0 Replies
1 Quote
Apache Tomcat の脆弱性 CVE-2025-31650/31651 が FIX:DoS とルール・バイパスの恐れ https://t.co/qd4baOiT2c Apache Tomcat に新たな脆弱性が発見されました。なお、同ツールでは、3月以降から別の脆弱性 CVE-2025-24813 の悪用が
@iototsecnews
12 May 2025
289 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
1 Quote
🛡️アウトブレイクアラート🛡️ 👉Apache Tomcat RCE CVE-2025-24813はApache Tomcatのpartial PUT機能の認証されていないリモートコード実行の脆弱性です。 脆弱性のエクスプロイトコードは一般入手可能で、攻撃の開
@FortinetJapan
1 May 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Apache Tomcat flaw (CVE-2025-24813) actively exploited! Hackers bypass rules & execute code. Forget patching or WAFs—WEBOUNCER by https://t.co/YvUrFmPcXS is the ultimate web app security solution. No upgrades needed, unmatched protection. #impenetrable #Cybersecuri
@BrainLabVisions
29 Apr 2025
39 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet https://t.co/NxlZbJZ9dt #bugbounty #bugbountytips #bugbountytip
@bountywriteups
27 Apr 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚡ CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content adde... 👨🏻💻 sw0rd1ight ➟ Internet Bug Bounty 🟥 High 💰 $4,323 🔗 https://t.co/N5uSAw7XOJ #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/Yufoz6L9
@h1Disclosed
27 Apr 2025
1276 Impressions
5 Retweets
28 Likes
10 Bookmarks
0 Replies
0 Quotes
2025 Bug Bounties! Hunt: CVE-2025-30406: Gladinet key CVE-2025-29824: Windows EoP CVE-2025-24054: NTLM theft CVE-2025-24813: Tomcat bug CVE-2025-32433: SSH RCE Burp, Amass. Big bounties! Get Bug Bounty Guide 2025! #BugBounty #VulnHunting2025 https://t.co/tin4q4LnYa
@Viper_Droidd
21 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat CVE-2025-24813 brings RCE concerns. Key points: • Patches available—upgrade if you can. • Most setups are secure unless misconfigured. • Claims of active exploitation may be overstated. Stay updated by subscribing to our blog: https://t.co/0CR2oUy2R9 https://t
@behkfox
21 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Alert: A severe RCE vulnerability (CVE-2025-24813) has been identified in Apache Tomcat, capable of allowing unauthorized remote code execution. Affected versions range from 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. https://t.co/ppcp1xs5gh
@The4n6Analyst
21 Apr 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
16 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/L82vzIXGBh https://t.co/0uEcG2Tkdb
@Yanivzadok
14 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 is a critical security issue that affects Apache Tomcat versions from 9.0.0.M1 to 11.0.2. It allows remote code execution, information disclosure and malicious content injection https://t.co/9qnrIMKfHD
@cyber_advising
11 Apr 2025
6262 Impressions
41 Retweets
147 Likes
75 Bookmarks
1 Reply
0 Quotes
احذر #RCE وتسرب المعلومات! ثغرة #Apache Tomcat CVE-2025-24813! تحقق من مدونة https://t.co/gKKiwWrA0u للحصول على التفاصيل! ☑️الإصدارات المعرضة للثغرة ☑️شروط الهجوم ☑️اكتشاف خادم Apache Tomcat ☑️كيفية الاستجابة للحصول على تحليل فني كامل وكيفية الاستجابة: https://t.co/AAwEJVcWez h
@CriminalIP_AR
10 Apr 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
米当局は、Apache Tomcatの脆弱性「CVE-2025-24813」が悪用されていると警告。リモートコード実行が可能で、4月1日に「悪用が確認された脆弱性カタログ」に追加された。開発チームは3月に修正を公開、WAFでの検出回避の可能性もあり注意が呼びかけられている。
@karukaruit
8 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEADC2E0-4A95-47B8-B506-D8E677838967",
"versionEndExcluding": "9.0.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "108D9F43-5A29-475E-9EE2-66CE8899B318",
"versionEndExcluding": "10.1.35",
"versionStartIncluding": "10.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E3D41F-F7C8-4BAB-A80B-287FACB0F7E4",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]