CVE-2025-53506

Published Jul 10, 2025

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53506 is an uncontrolled resource consumption (CWE-400) vulnerability in Apache Tomcat's HTTP/2 handling. It is triggered when an HTTP/2 client does not acknowledge Tomcat's initial SETTINGS frame, the frame that reduces the maximum number of permitted concurrent streams; the result is a denial-of-service condition. Affected versions are Apache Tomcat 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, and 9.0.0.M1 through 9.0.106. Users are advised to upgrade to 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Description
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
Source
security@apache.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security@apache.org
CWE-400

Social media

Hype score
Not currently trending
  1. CVE-2025-53506: Uncontrolled Resource Consumption in Apache Tomcat, 7.5 rating❗️ A vulnerability in some versions of Apache Tomcat could allow an attacker to cause a DoS. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/xEmxg41hho #cybersecurity #vulnerability_ma

     @Netlas_io, 16 Jul 2025: 59 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  2. ⚠️Vulnerabilities in Apache Tomcat and HTTP Server ❗CVE-2025-53506 ❗CVE-2025-52434 ❗CVE-2025-52520 ➡️More info: https://t.co/U9MhlJDNxE https://t.co/nKJdkYnXTS

     @CERTpy, 14 Jul 2025: 135 impressions, 0 retweets, 2 likes, 0 bookmarks, 0 replies, 0 quotes

  3. CVE-2025-53506 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted… https://t.co/9XtjddIqz0

     @CVEnew, 11 Jul 2025: 213 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  4. I wrote the world's fastest explanation article on the Tomcat CVE-2025-53506 DoS vulnerability. Two other vulnerabilities were fixed as well, so everyone please update. https://t.co/kQixehOQoB

     @kinyuka, 11 Jul 2025: 3908 impressions, 13 retweets, 39 likes, 16 bookmarks, 0 replies, 0 quotes

  5. Warning: Multiple vulnerabilities in @TheApacheTomcat can lead to Denial of Service attacks. CVE-2025-52434, CVE-2025-52520, CVE-2025-53506 with CVSS 6.6 demand urgent action. Protect your systems now! Read the advisory https://t.co/I7TVCH9xgC #Patch immediately! #Vulnerability

     @CCBalert, 7 Jul 2025: 90 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 2 quotes
