PT-2025-28240 · Apache+10 · Apache Tomcat+11

Kanatoko · Published 2025-01-01 · Updated 2026-06-02 · CVE-2025-53506

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 11.0.0-M1 through 11.0.8
Apache Tomcat versions 10.1.0-M1 through 10.1.42
Apache Tomcat versions 9.0.0.M1 through 9.0.106

Description: An uncontrolled resource consumption issue exists in Apache Tomcat when an HTTP/2 client fails to acknowledge the server's initial settings frame, the frame that reduces the maximum permitted number of concurrent streams.

Recommendations:
Upgrade to Apache Tomcat version 11.0.9.
Upgrade to Apache Tomcat version 10.1.43.
Upgrade to Apache Tomcat version 9.0.107.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2025:14177
ALSA-2025:14178
ALSA-2025:14181
ALT-PU-2025-13135
BDU:2025-08952
BIT-TOMCAT-2025-53506
CESA-2025_14177
CVE-2025-53506
DLA-4244-1
GHSA-25XR-QJ8W-C4VF
INFSA-2025_14177
INFSA-2025_14181
MGASA-2025-0223
OESA-2025-1892
OESA-2025-1893
OESA-2025-1894
OESA-2025-1895
OESA-2025-1896
OESA-2025-1897
OPENSUSE-SU-2025:15440-1
OPENSUSE-SU-2025:15441-1
OPENSUSE-SU-2025:15442-1
RHSA-2025:11695
RHSA-2025:11741
RHSA-2025:14177
RHSA-2025:14178
RHSA-2025:14179
RHSA-2025:14180
RHSA-2025:14181
RHSA-2025:14182
RHSA-2025:14183
RHSA-2025_14177
RHSA-2025_14181
SUSE-SU-2025:02745-1
SUSE-SU-2025:02978-1
SUSE-SU-2025:02979-1
SUSE-SU-2025:03024-1
SUSE-SU-2025_02745-1
SUSE-SU-2025_02978-1
SUSE-SU-2025_02979-1
SUSE-SU-2025_03024-1
SUSE-SU-2026:1058-1

Affected Products

Alt Linux
Almalinux
Apache Tomcat
Astra Linux
Bamboo
Bitbucket
Centos
Debian
Red Hat
Red Os
Rocky Linux
Suse