PT-2021-2444 · Apache+5 · Apache Tomcat+5

Published: 2021-02-02 · Updated: 2026-03-26 · CVE-2021-25329

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Tomcat (affected versions not specified)
Description: The vulnerability is in the configuration server implementation in Apache Tomcat and involves the restoration of untrusted data in memory during buffer deserialization. An attacker can exploit it by sending a specially crafted request, potentially allowing the execution of arbitrary code.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1993
ALT-PU-2025-9146
BDU:2021-01808
BIT-TOMCAT-2021-25329
CVE-2021-25329
DLA-2594-1
DSA-4891-1
GHSA-JGWR-3QM3-26F3
MGASA-2021-0357
OESA-2021-1117
OPENSUSE-SU-2021:0496-1
OPENSUSE-SU-2021_0496-1
OPENSUSE-SU-2024:11468-1
OPENSUSE-SU-2024:13441-1
RHSA-2021:2561
ROSA-SA-2023-2258
SUSE-SU-2021:0988-1
SUSE-SU-2021:0989-1
SUSE-SU-2021:1008-1
SUSE-SU-2021:1009-1
SUSE-SU-2021:1431-1
SUSE-SU-2021:14705-1
SUSE-SU-2021_14705-1
SUSE-SU-2026:1058-1
USN-5360-1
USN-6908-1

Affected Products

Alt Linux
Apache Tomcat
Astra Linux
Linux Mint
SUSE
Ubuntu