Correcting typo in fixed versions
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource
Correcting typo in fixed versions
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikel
Mark,
Is this accurate?
Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.42
Mitigation:
- Upgrade to Apache Tomcat 10.1.32 or later
Thanks!
-Joey
Joey Cochran
Systems Administrator II
Middleware Developer
Information Technology Di
CVE-2025-53506 Apache Tomcat - DoS in HTTP/2
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
An uncontrolled resource consumption vulnerability if an HTT
CVE-2025-52520 Apache Tomcat - DoS in multipart upload
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.8
Apache Tomcat 10.1.0-M1 to 10.1.42
Apache Tomcat 9.0.0.M1 to 9.0.106
Description:
For some unlikely configurations of multipart uploa
CVE-2025-49125 Apache Tomcat - APR/Native Connector crash leading to DoS
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.105
Description:
A race condition on connection close could trigger a JVM crash when
using the APR/Native connec
Hrvoje,
On 7/10/25 6:52 AM, Hrvoje Lončar wrote:
> Currently it's 10.1.39 as I wanted to avoid 10.1.42 but I get the same
> unpredictable behaviour from both.
Oh, that's interesting. Of course, upon your first report I had assumed
it was the "maxPartCount" but then you posted your configuration w
Hi!
Currently it's 10.1.39 as I wanted to avoid 10.1.42 but I get the same
unpredictable behaviour from both.
I had 10.1.39 for some time before upgrading to 10.1.42, but no one reported
that the form is not working, which is not proof that it was working correctly.
Thanks for your time!
BR,
Hrvoje.