=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN737
_____________________________________________________________________

DATE                : 28/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Tomcat versions prior to
                     11.0.12, 10.1.47, 9.0.110.

=====================================================================
https://lists.apache.org/thread/38vqp0v1fg4gr8c6lvm15wj6k67hxzxd
https://lists.apache.org/thread/kslp83vxhtzw9lfj0753otwx9yl36y7l
https://lists.apache.org/thread/njwfh0pon9kw6xorl1zl40dxcnnq1hnf
_____________________________________________________________________

CVE-2025-55752 Apache Tomcat - Directory traversal via rewrite with 
possible RCE if PUT is enabled

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.10
Apache Tomcat 10.1.0-M1 to 10.1.44
Apache Tomcat 9.0.0.M11 to 9.0.108
Older, EOL versions may also be affected


Description:
The fix for bug 60013 introduced a regression where the rewritten URL 
was normalized before it was decoded. This introduced the possibility 
that, for rewrite rules that rewrite query parameters to the URL, an 
attacker could manipulate the request URI to bypass security
constraints including the protection for /WEB-INF/
and /META-INF/. If PUT requests were also enabled then malicious files
could be uploaded leading to remote code execution. PUT requests are
normally limited to trusted users and it is considered unlikely that
PUT requests would be enabled in conjunction with a rewrite that
manipulated the URI.
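As an added illustration (not code from the advisory or from Tomcat), the following Python models why the order of decoding and normalization decides whether a security-constraint check sees the real target, and adds a small hunting helper for access logs. The prefix check, the case-insensitive comparison and the log lines are constructed assumptions for this example.

```python
import posixpath
from urllib.parse import unquote

# Prefixes the container must never serve; the advisory names both.
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")

def canonical_path(raw: str, decode_first: bool = True) -> str:
    """Canonical form of a request path.

    decode_first=True is the safe order: percent-decode, then collapse '.'
    and '..' segments. decode_first=False reproduces the regression order the
    advisory describes (normalize, then decode): an encoded separator is not a
    separator while normalizing, so it survives and only takes effect after
    the constraint check has already looked at the path.
    """
    def normalize(p: str) -> str:
        return "/" + posixpath.normpath("/" + p).lstrip("/")
    return normalize(unquote(raw)) if decode_first else unquote(normalize(raw))

def hits_protected_prefix(path: str) -> bool:
    # Case-insensitive and with a trailing slash so '/WEB-INF' itself is
    # covered: a defensive choice made for this example.
    upper = path.upper().rstrip("/") + "/"
    return any(upper.startswith(p) for p in PROTECTED_PREFIXES)

def is_request_blocked(raw: str, decode_first: bool = True) -> bool:
    """True when a constraint check on the canonical path would block it."""
    return hits_protected_prefix(canonical_path(raw, decode_first))

def find_protected_hits(access_log_lines):
    """Hunting helper: raw path or query values from access-log lines whose
    fully canonical form lands under a protected prefix. Query values are
    checked because the advisory concerns rewrites that copy them into the URI."""
    hits = []
    for line in access_log_lines:
        quoted = line.split('"')
        request = quoted[1].split(" ") if len(quoted) > 1 else []
        if len(request) < 2:
            continue
        path, _, query = request[1].partition("?")
        candidates = [path] + [kv.partition("=")[2] for kv in query.split("&") if kv]
        hits.extend(c for c in candidates if hits_protected_prefix(canonical_path(c)))
    return hits

# Constructed access-log lines in Tomcat's common pattern, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Oct/2025:10:00:00 +0100] "GET /app/index.jsp HTTP/1.1" 200 512',
    '10.0.0.9 - - [28/Oct/2025:10:00:01 +0100] "GET /app/page?file=..%2F..%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 77',
]
```

The same raw path is blocked when decoded before normalization and missed when the order is reversed, which is the whole regression; the fix is to upgrade, not to add checks of this kind in front of Tomcat.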


Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 11.0.11 or later
- Upgrade to Apache Tomcat 10.1.45 or later
- Upgrade to Apache Tomcat 9.0.109 or later


Credit:
Chumy Tsai (github.com/Jimmy01240397) @ CyCraft Technology Intern


History:
2025-10-27 Original advisory


References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html

_____________________________________________________________________

CVE-2025-55754 Apache Tomcat - Console manipulation via escape
sequences in log messages

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.10
Apache Tomcat 10.1.0-M1 to 10.1.44
Apache Tomcat 9.0.0.40 to 9.0.108
Older, EOL versions may also be affected

Description:
Tomcat did not escape ANSI escape sequences in log messages. If
Tomcat was running in a console on a Windows operating system, and
the console supported ANSI escape sequences, it was possible for an
attacker to use a specially crafted URL to inject ANSI escape
sequences to manipulate the console and the clipboard and attempt to
trick an administrator into running an attacker controlled command.
While no attack vector was found, it may have been possible to mount
this attack on other operating systems.
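An added example, not code from the advisory or from Tomcat: a console-side sanitizer that makes control characters visible before a log line reaches a terminal, and a helper to hunt for such sequences in logs already written. The log lines are constructed, and the choice to leave tab and newline untouched is an assumption of this example.

```python
import re

# Raw ESC (0x1b), the 8-bit C1 CSI introducer (0x9b), DEL and the other C0
# controls. Tab and newline are left alone in this example.
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x9b]")

# Raw terminal sequences: CSI (ESC [ ... final byte) and OSC (ESC ] ... BEL or ST).
_ESCAPE_SEQ = re.compile(
    r"(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
)
# ESC as it appears percent-encoded in a logged request line.
_ENCODED_ESC = re.compile(r"%1[bB]")

def sanitize_for_console(message: str) -> str:
    """Replace every control character with a visible '\\uXXXX' spelling so a
    terminal rendering the log never interprets it. Apply this in the console
    handler, i.e. the last step before the bytes reach a terminal."""
    return _CONTROL.sub(lambda m: "\\u%04x" % ord(m.group(0)), message)

def find_escape_sequences(lines):
    """Hunting helper: (line_number, reason) for every log line carrying a raw
    terminal sequence or a percent-encoded ESC inside a request line."""
    findings = []
    for n, line in enumerate(lines):
        if _ESCAPE_SEQ.search(line):
            findings.append((n, "raw escape sequence"))
        elif _ENCODED_ESC.search(line):
            findings.append((n, "percent-encoded ESC in request"))
    return findings

# Constructed log lines (two catalina-style, one access-log style); not real.
SAMPLE_LOG = [
    "28-Oct-2025 10:00:00.000 INFO [main] Catalina.start Server startup in [1234] ms",
    "28-Oct-2025 10:00:01.000 WARNING [http-nio-8080-exec-1] Example.log "
    "Bad request for [/app/\x1b[2J\x1b[31mfake-prompt$ ]",
    '10.0.0.9 - - [28/Oct/2025:10:00:02 +0100] "GET /app/%1b%5b2J HTTP/1.1" 404 -',
]
```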


Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 11.0.11 or later
- Upgrade to Apache Tomcat 10.1.45 or later
- Upgrade to Apache Tomcat 9.0.109 or later


Credit:
Elysee Franchuk of MOBIA Technology Innovations


History:
2025-10-27 Original advisory


References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html


_____________________________________________________________________

CVE-2025-61795 Apache Tomcat - Delayed cleaning of multipart upload 
temporary files may lead to DoS

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.11
Apache Tomcat 10.1.0-M1 to 10.1.46
Apache Tomcat 9.0.0.M1 to 9.0.109
Older, EOL versions may also be affected


Description:
If an error occurred (including exceeding limits) during the
processing of a multipart upload, temporary copies of the uploaded
parts written to local storage were not cleaned up immediately but
left for the garbage collection process to delete. Depending on JVM
settings, application memory usage and application load, it was
possible that space for the temporary copies of uploaded parts would
be filled faster than GC cleared it, leading to a DoS.
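An added example, not code from the advisory or from Tomcat's multipart handling: a Python model of the failure mode (temporary part files abandoned when a limit is exceeded) beside the hardened form that removes them in a finally block, so nothing is left for garbage collection to reclaim. The parts, the 1 KiB limit and the spool directories are constructed for this example.

```python
import os
import shutil
import tempfile

class PartTooLarge(Exception): pass  # a part exceeded the configured limit

def _write_part(data: bytes, spool_dir: str) -> str:
    fd, path = tempfile.mkstemp(prefix="upload_", dir=spool_dir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def spool_parts_leaky(parts, max_part_size, spool_dir):
    """Models the advisory: on error, files already written are left on disk."""
    written = []
    for name, data in parts:
        if len(data) > max_part_size:
            raise PartTooLarge(name)
        written.append(_write_part(data, spool_dir))
    return [os.path.getsize(p) for p in written]

def spool_parts(parts, max_part_size, spool_dir):
    """Hardened form: files this call created are removed in 'finally', error or not."""
    written = []
    try:
        for name, data in parts:
            if len(data) > max_part_size:
                raise PartTooLarge(name)
            written.append(_write_part(data, spool_dir))
        return [os.path.getsize(p) for p in written]
    finally:
        for path in written:
            if os.path.exists(path):
                os.remove(path)

# Constructed sample: two parts under a 1 KiB limit, then one over it.
SAMPLE_PARTS = [("a", b"x" * 100), ("b", b"y" * 200), ("c", b"z" * 2048)]

def demo():
    """Return leftover temp-file counts per version after the limit is exceeded."""
    results = {}
    for label, fn in (("leaky", spool_parts_leaky), ("hardened", spool_parts)):
        spool_dir = tempfile.mkdtemp(prefix="spool_")
        try:
            fn(SAMPLE_PARTS, 1024, spool_dir)
        except PartTooLarge:
            pass
        results[label] = len(os.listdir(spool_dir))  # the directory started empty
        shutil.rmtree(spool_dir)
    return results
```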


Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 11.0.12 or later
- Upgrade to Apache Tomcat 10.1.47 or later
- Upgrade to Apache Tomcat 9.0.110 or later


Credit:
sw0rd1ight (https://github.com/sw0rd1ight)

History:
2025-10-27 Original advisory


References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================