CVE-2025-24813
Published Mar 10, 2025
Last updated 18 days ago
AI description
CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.
- Description
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache Tomcat Path Equivalence Vulnerability
- Exploit added on
- Apr 1, 2025
- Exploit action due
- Apr 22, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-24813
@transilienceai
16 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/L82vzIXGBh https://t.co/0uEcG2Tkdb
@Yanivzadok
14 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
13 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 is a critical security issue that affects Apache Tomcat versions from 9.0.0.M1 to 11.0.2. It allows remote code execution, information disclosure and malicious content injection https://t.co/9qnrIMKfHD
@cyber_advising
11 Apr 2025
6262 Impressions
41 Retweets
147 Likes
75 Bookmarks
1 Reply
0 Quotes
احذر #RCE وتسرب المعلومات! ثغرة #Apache Tomcat CVE-2025-24813! تحقق من مدونة https://t.co/gKKiwWrA0u للحصول على التفاصيل! ☑️الإصدارات المعرضة للثغرة ☑️شروط الهجوم ☑️اكتشاف خادم Apache Tomcat ☑️كيفية الاستجابة للحصول على تحليل فني كامل وكيفية الاستجابة: https://t.co/AAwEJVcWez h
@CriminalIP_AR
10 Apr 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
米当局は、Apache Tomcatの脆弱性「CVE-2025-24813」が悪用されていると警告。リモートコード実行が可能で、4月1日に「悪用が確認された脆弱性カタログ」に追加された。開発チームは3月に修正を公開、WAFでの検出回避の可能性もあり注意が呼びかけられている。
@karukaruit
8 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Se detecta PoC activa explotando RCE en Apache Tomcat (CVE-2025-24813) https://t.co/ncil3Vbl7E
@tpx_Security
7 Apr 2025
231 Impressions
3 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
6 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
''Apache Tomcat CVE-2025-24813: What You Need to Know | Rapid7 Blog'' #infosec #pentest #redteam #blueteam https://t.co/uWBoxEmcKi
@CyberWarship
6 Apr 2025
3264 Impressions
11 Retweets
48 Likes
19 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
6 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2. Contexto de Ameaças em Projetos Apache: - Vulnerabilidades em projetos Apache são alvos frequentes. Exemplo recente: CVE-2025-24813 no Tomcat (CVSS 9.8), explorado em 30 horas após divulgação.
@pedroco53915492
5 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat: Potential RCE Severity : Critical CVE-2025-24813 Exploit : https://t.co/6ggKgBQrYu Refrence : https://t.co/6gGeOYAdAp #ApacheTomcat #bugbounty #RCE https://t.co/m34WUgLFqv
@wgujjer11
5 Apr 2025
12275 Impressions
83 Retweets
352 Likes
212 Bookmarks
2 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
4 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/YkIdevDmBC https://t.co/xy8qFC27xK
@epichol
3 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
3 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/oBqikaW4Tc
@Teeeda_worker
3 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatに深刻な脆弱性|CVE-2025-24813、米CISAが注意喚起 #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/m8AfDzhwCG
@CyberNote_media
3 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
2 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA confirms active exploitation of Apache Tomcat CVE-2025-24813 (CVSS 9.8)—unpatched systems are vulnerable to remote code execution. Critical update required: https://t.co/nDZc1xQhAR #CyberSecurity #CriticalVulnerability
@adriananglin
2 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-24813 Apache Tomcat as Actively Exploited with 9.8 CVSS 🎯6.7m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/GfMvWUMWTU FOFA Query:app="APACHE-Tomcat" 🔖Refer: https://t.co/s8SDApC9s9 #OSINT #FOFA #CyberSecurity https:/
@fofabot
2 Apr 2025
1306 Impressions
4 Retweets
21 Likes
9 Bookmarks
0 Replies
0 Quotes
Antes que termine April Fools' Day🤪, te conviene actualizar tu PHP y Tomcat. La vulnerabilidad de Tomcat (CVE-2025-24813 - CVSS 9.9) está siendo explotada activamente y hay exploits públicos. https://t.co/QH2B4uV67j https://t.co/7LuJ0moxez Muestra de servidores vulnerables👇 h
@SeguInfo
1 Apr 2025
765 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🛡️ We added Apache Tomcat path equivalence vulnerability CVE-2025-24813 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/40msteeDPe
@CISACyber
1 Apr 2025
5524 Impressions
18 Retweets
48 Likes
6 Bookmarks
1 Reply
1 Quote
Vulnerabilidad de Apache Tomcat ⚠️ CVE-2025-24813 Solicitud PUT con una carga útil de Java serializada diseñada para activar RCE. A continuación, se envía una solicitud GET con una cookie "JSESSIONID" https://t.co/6tv5JAgmb7 https://t.co/n77mdPGtU6
@elhackernet
1 Apr 2025
13938 Impressions
88 Retweets
263 Likes
96 Bookmarks
0 Replies
3 Quotes
🚨 CVE-2025-24813 en Apache Tomcat: una vulnerabilidad de ejecución remota de código (RCE) que puede comprometer tu infraestructura. 🔥 🔍 Aprende a cómo protegerte. 👉 https://t.co/O0fBpnfGKF… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/7oxYKFJrvw
@alienxox1
31 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
More detailed analysis of Apache Tomcat CVE-2025-24813 https://t.co/GYUmHfzHoD https://t.co/fQuPGNOV77
@secharvesterx
31 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
31 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
31 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24813 is a critical path equivalence #vulnerability in #ApacheTomcat. Attackers are exploiting it in the wild, potentially executing arbitrary code without authentication. This can lead to system compromise and data exposure. #ThreatIntelligence https://t.co/hoCfAGaMgH
@MalwarePatrol
30 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatに深刻な脆弱性(CVE-2025-24813)が発見され、既に悪用が確認されている。攻撃者は部分的なPUTリクエストとパスの等価性を利用して、認証なしで任意コード実行を可能にする。悪用には特定の条件が必要なため成功は困難だが、攻撃は増加している。 https://t.co/nbfnu88YNO
@yousukezan
30 Mar 2025
3756 Impressions
17 Retweets
76 Likes
20 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://t.co/jKnc3LjPbj
@SecurityAid
30 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Security news I found interesting: Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://t.co/EoABnNpgEH #R4yt3d
@R4yt3d
30 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Title: Critical Alert: Apache Tomcat Servers Targeted by New Exploit - CVE-2025-24813 Read the full story: https://t.co/f4HJSlzma2
@theinfosecnews
30 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Details : https://t.co/mBYwau3tWh #Vulnerability #tomcat #cve-2025-24813 https://t.co/8BM11Us6dK
@s_moonbeam01
30 Mar 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
30 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-24813 en Apache Tomcat: una vulnerabilidad de ejecución remota de código (RCE) que puede comprometer tu infraestructura. 🔥 🔍 Aprende a cómo protegerte. 👉 https://t.co/xjd2YCc0O7… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/yjxYzemulP
@CyberHacker100
29 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Apache Tomcat: CVE-2025-24813 | 28-03-2025 Source: https://t.co/OZLno8T4Kz Key details below ↓ 🏭Industry: Government 🌐Geo: Indonesia, Korea, India, Latvia, Germany, Brazil, Pakistan, Australia, Singapore, Japan, Italy, Taiwan, Mexico, Morocco, h
@rst_cloud
29 Mar 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24813 en Apache Tomcat: una vulnerabilidad de ejecución remota de código (RCE) que puede comprometer tu infraestructura. 🔥 🔍 Aprende a cómo protegerte. 👉 https://t.co/JOqGY8NfbW… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/Z7oR1uQODa
@Recoverytheate
29 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
29 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 A critical vulnerability (CVE-2025-24813) in Apache Tomcat allows remote, unauthenticated attackers to execute arbitrary code on affected servers. Versions 11.0.0-M1 to 9.0.98 are at risk. 📂⚠️ #ApacheTomcat #JavaExploitation link: https://t.co/a6VtFKYsKi https://t.co/Ry1prnB
@TweetThreatNews
28 Mar 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability, CVE-2025-24813, in Apache Tomcat allows remote code execution on unpatched servers, prompting urgent patching to protect sensitive data from exploitation attempts by threat actors globally. #Cybersecurity #CVE2025 https://t.co/C1HT4ZnX9u
@Cyber_O51NT
28 Mar 2025
273 Impressions
2 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
27 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Tomcatの脆弱性CVE-2025-24813が開示された後、脆弱なバージョンのTomcatは10万回近くダウンロードされている。Sonatype社報告。同脆弱性は開示4日後のPoC(攻撃の概念実証コード)公開直後に悪用が観測されている。 https://t.co/rb2eXjgmOg
@__kokumoto
26 Mar 2025
2258 Impressions
8 Retweets
13 Likes
4 Bookmarks
0 Replies
2 Quotes
My week thanks to CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-29927, CVE-2025-24813....... https://t.co/QM3hlv6IlT
@mruston
26 Mar 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/pijEF9cAKl https://t.co/FiIjQgqrVv
@sumeetsssm
26 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/fQcDn0WZo4 https://t.co/wTglU2rqVP
@Jrenou
25 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/5EHGyHbchE https://t.co/U7jH3maGwY
@dholland64
24 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/qta73kltNL https://t.co/y6Gh9uzMc0
@RaghuNain
24 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat PUT kérésből teljes irányítás Az Apache Tomcat legújabb, kritikus súlyosságú biztonsági hibája, a CVE-2025-24813 távoli kódfuttatást tesz lehetővé. A támadók egy egyszerű PUT kéréssel teljesen átvehetik az irányítást a kiszolgáló felett. A sérülékenységet már akt…
@linuxmint_hun
24 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability patched in Apache Tomcat! CVE-2025-24813 allows remote code execution via malicious HTTP PUT requests. Affected versions: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. Patch now! #CVE-2025-24813 https://t.co/wUVRyGXSPi
@RedTeamNewsBlog
24 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813.) Learn more. https://t.co/KBptbZr0Zb https://t.co/3ZUBwYai4x
@Akamai
23 Mar 2025
578 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAA3CD29-4D05-4F58-BE63-0A100C010AF0",
"versionEndExcluding": "9.0.99",
"versionStartIncluding": "9.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "108D9F43-5A29-475E-9EE2-66CE8899B318",
"versionEndExcluding": "10.1.35",
"versionStartIncluding": "10.1.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7E3D41F-F7C8-4BAB-A80B-287FACB0F7E4",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0092FB35-3B00-484F-A24D-7828396A4FF6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB557E88-FA9D-4B69-AA6F-EAEE7F9B01AC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72D3C6F1-84FA-4F82-96C1-9A8DA1C1F30F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3521C81B-37D9-48FC-9540-D0D333B9A4A4"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A84634-A8F2-4BA9-B9F3-BEF36AEC5480"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECBBC1F1-C86B-40AF-B740-A99F6B27682A"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D2206B2-F3FF-43F2-B3E2-3CAAC64C691D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0495A538-4102-40D0-A35C-0179CFD52A9D"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77BA6600-0890-4BA1-B447-EC1746BAB4FD"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7914D26B-CBD6-4846-9BD3-403708D69319"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "123C6285-03BE-49FC-B821-8BDB25D02863"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A28C2E2-B7BC-46CE-94E4-AE3EF172AA47"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "069B0D8E-8223-4C4E-A834-C6235D6C3450"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6282085-5716-4874-B0B0-180ECDEE128F"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
],
"operator": "OR"
}
]
}
]