Severity
High
Analysis Summary
CVE-2021-25329
Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with a configuration edge case. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Gain Access
Affected Vendors
Apache Tomcat
Affected Products
- Apache Tomcat 7
- Apache Tomcat 8.5.0
- Apache Tomcat 9.0.0.M1
- Apache Tomcat 10.0.0 M1
- Apache Tomcat 8.5.61
- Apache Tomcat 9.0.41
- Apache Tomcat 10.0.0
- Apache Tomcat 7.0.107
Remediation
Upgrade to the latest version of Tomcat (7.0.108, 8.5.63, 9.0.43, 10.0.2 or later).