AVG-2889

Package tomcat9
Status Vulnerable
Severity High
Type multiple issues
Affected 9.0.100-1
Fixed Unknown
Current 9.0.100-1 [extra]
Created Thu May 29 21:55:51 2025
Issue Severity Remote Type Description
CVE-2025-49125 Low Yes Access restriction bypass
When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected...
CVE-2025-48988 Medium Yes Denial of service
Tomcat used the same limit for both request parameters and parts in a multipart request. Since uploaded parts also include headers which must be retained,...
CVE-2025-48976 Medium Yes Denial of service
Apache Commons FileUpload provided a hard-coded limit of 10kB for the size of the headers associated with a multipart request. A specially crafted request...
CVE-2025-46701 Low Yes Access restriction bypass
When running on a case-insensitive file system with security constraints configured for the pathInfo component of a URL that mapped to the CGI servlet, it...
CVE-2025-31650 High Yes Denial of service
Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large...