AI description
CVE-2025-53506 is an uncontrolled resource consumption vulnerability affecting Apache Tomcat. The vulnerability occurs when an HTTP/2 client does not acknowledge the initial settings frame, which reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, and 9.0.0.M1 through 9.0.106. To resolve this vulnerability, users are advised to upgrade to versions 11.0.9, 10.1.43, or 9.0.107.
- Description: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.
- Source: security@apache.org
- NVD status: Modified
- Products: tomcat
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- security@apache.org
- CWE-400
- Hype score: Not currently trending
CVE-2025-53506 is an Uncontrolled Resource Consumption (CWE-400) flaw in Apache Tomcat that abuses the HTTP/2 protocol. When an HTTP/2 client does not acknowledge the SETTINGS ACK, the Tomcat server fails to limit the number of "streams" and can be overloaded with cone
@Andrewkek77
19 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53506: Uncontrolled Resource Consumption in Apache Tomcat, 7.5 rating❗️ A vulnerability in some versions of Apache Tomcat could allow an attacker to cause a DoS. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/xEmxg41hho #cybersecurity #vulnerability_ma
@Netlas_io
16 Jul 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Apache Tomcat and HTTP Server ❗CVE-2025-53506 ❗CVE-2025-52434 ❗CVE-2025-52520 ➡️More info: https://t.co/U9MhlJDNxE https://t.co/nKJdkYnXTS
@CERTpy
14 Jul 2025
135 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53506 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted… https://t.co/9XtjddIqz0
@CVEnew
11 Jul 2025
213 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I wrote the world's earliest explanatory article on the Tomcat CVE-2025-53506 DoS vulnerability. Two other vulnerabilities were also fixed, so everyone please update. https://t.co/kQixehOQoB
@kinyuka
11 Jul 2025
3908 Impressions
13 Retweets
39 Likes
16 Bookmarks
0 Replies
0 Quotes
Warning: Multiple vulnerabilities in @TheApacheTomcat can lead to Denial of Service attacks. CVE-2025-52434, CVE-2025-52520, CVE-2025-53506 with CVSS 6.6 demand urgent action. Protect your systems now! Read the advisory https://t.co/I7TVCH9xgC #Patch immediately! #Vulnerability
@CCBalert
7 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
2 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D1D5DA0-D03A-4A7A-B0F8-78FBC3229322",
            "versionEndIncluding": "9.0.106",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "641541D9-6F81-4357-B535-D83D25217A14",
            "versionEndIncluding": "10.1.42",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C16A32B5-DB24-48E2-BABE-6F60360786DF",
            "versionEndIncluding": "11.0.8",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]