Description

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

INFO

Published Date :

2025-04-28T19:17:21.721Z

Last Modified :

2025-04-28T22:02:47.596Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-31651 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-31651.

URL Resource
http://www.openwall.com/lists/oss-security/2025/04/28/3 cve-icon
https://lists.apache.org/[email protected] cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System