CVE-2021-25329

Severity: 98% | Complexity: 39% | Confidentiality: 98%

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

CVSS 3.1 Base Score 7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported: 2021-03-01 12:15:00

Last updated: 2021-12-07 21:10:00

Affected Software

Apache Software Foundation Tomcat

Apache Software Foundation Tomcat 9.0.0 Milestone 1 through Milestone 27 (each listed under version 9.0.0): Milestone 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

Apache Software Foundation Tomcat 10.0.0 Milestone 1 (version 10.0.0)

Apache Software Foundation Tomcat 10.0.0 Milestone 2 (version 10.0.0)

Debian Linux 9.0 (version 9.0)

Oracle Instantis EnterpriseTrack 17.1 (version 17.1)

Oracle Instantis EnterpriseTrack 17.2 (version 17.2)

Oracle Instantis EnterpriseTrack 17.3 (version 17.3)

Oracle Managed File Transfer 12.2.1.3.0 (version 12.2.1.3.0)

References

[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484 (Mailing List, Third Party Advisory)

[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml (Mailing List, Patch, Vendor Advisory)

N/A (Mailing List, Vendor Advisory)

[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence) (Mailing List, Vendor Advisory)

[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence) (Mailing List, Vendor Advisory)

[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence) (Mailing List, Vendor Advisory)

[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence) (Mailing List, Vendor Advisory)

[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update (Mailing List, Third Party Advisory)

https://security.netapp.com/advisory/ntap-20210409-0002/ (Third Party Advisory)

DSA-4891 (Third Party Advisory)

[tomcat-users] 20210701 What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5 (Mailing List, Vendor Advisory)

[tomcat-users] 20210701 Re: What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5 (Mailing List, Vendor Advisory)

[tomcat-users] 20210702 Re: What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5 (Mailing List, Vendor Advisory)

[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5 (Mailing List, Vendor Advisory)

N/A (Patch, Third Party Advisory)

https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
