Apache Tomcat
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*, +1 more
- >= 11.0.0-M1, <= 11.0.7
- >= 10.1.0-M1, <= 10.1.41
- >= 9.0.0.M1, <= 9.0.105
A denial-of-service vulnerability has been identified in Apache Tomcat versions 11.0.0-M1 through 11.0.7, 10.1.0-M1 through 10.1.41, and 9.0.0.M1 through 9.0.105. The flaw is in the handling of multipart/form-data requests: the same limit was applied to both request parameters and multipart parts, even though parts differ from parameters in that each part carries its own headers, which the server must retain in memory while the request is processed. Because the part count was only bounded by the much larger parameter limit and per-part header bytes were not separately capped, a request with a large number of parts could force the server to hold far more header data than intended.
A remote attacker who can reach any endpoint that parses multipart requests can exploit this without authentication by sending such a request, driving up heap usage until the server becomes unresponsive or can no longer service other requests.
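The following is an added model of the limit flaw described above, not Tomcat's own code. It parses a constructed multipart body and applies two policies: a flawed one in which parts are only counted against a large parameter-count limit (10000 is an assumed value for the model) with no cap on per-part header bytes, and a fixed one with a dedicated part-count limit and a per-part header-size cap. The names and defaults of the fixed policy (maxPartCount=10, maxPartHeaderSize=512) follow the Connector attributes introduced in the fixed Tomcat releases; the parser itself is a simplification that assumes the boundary never occurs inside part content.

```python
"""Model of the multipart part/header limit flaw (added example, not Tomcat code)."""

BOUNDARY = b"----model-boundary"


class LimitExceeded(Exception):
    """Raised when a request exceeds the policy's limits."""


def build_multipart(parts, boundary=BOUNDARY):
    """Serialise [(headers, data)] into a multipart/form-data body.
    headers is a list of (name, value) byte pairs; data is bytes."""
    out = bytearray()
    for headers, data in parts:
        out += b"--" + boundary + b"\r\n"
        for name, value in headers:
            out += name + b": " + value + b"\r\n"
        out += b"\r\n" + data + b"\r\n"
    out += b"--" + boundary + b"--\r\n"
    return bytes(out)


def parse_multipart(body, boundary=BOUNDARY):
    """Minimal parser: returns [(header_bytes, data_bytes)] per part.
    Simplified: assumes the delimiter never occurs inside part content."""
    parts = []
    for segment in body.split(b"--" + boundary)[1:]:
        if segment.startswith(b"--"):      # closing delimiter
            break
        if not segment.startswith(b"\r\n"):
            raise ValueError("malformed delimiter line")
        head, _, data = segment[2:].partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):         # CRLF belongs to the next delimiter
            data = data[:-2]
        parts.append((head, data))
    return parts


def accept_flawed(parts, max_parameter_count=10000):
    """Flawed policy (pre-fix behaviour, modelled): parts only have to stay
    under the parameter-count limit (assumed 10000 here); the header bytes of
    each part are unbounded. Returns the header bytes the server would retain."""
    if len(parts) > max_parameter_count:
        raise LimitExceeded(f"{len(parts)} parts > {max_parameter_count}")
    return sum(len(head) for head, _ in parts)


def accept_fixed(parts, max_part_count=10, max_part_header_size=512):
    """Fixed policy: a small dedicated part-count limit plus a cap on the
    header bytes of each part (attribute names/defaults as in fixed releases)."""
    if len(parts) > max_part_count:
        raise LimitExceeded(f"{len(parts)} parts > maxPartCount={max_part_count}")
    for i, (head, _) in enumerate(parts):
        if len(head) > max_part_header_size:
            raise LimitExceeded(f"part {i} headers {len(head)} B > "
                                f"maxPartHeaderSize={max_part_header_size}")
    return sum(len(head) for head, _ in parts)


def legitimate_form():
    """Constructed sample: a normal two-field form with a small file."""
    return build_multipart([
        ([(b"Content-Disposition", b'form-data; name="title"')], b"hello"),
        ([(b"Content-Disposition", b'form-data; name="doc"; filename="a.txt"'),
          (b"Content-Type", b"text/plain")], b"file body"),
    ])


def abusive_request(part_count=50, header_pad=4096):
    """Constructed sample: many parts, each carrying a bloated header that the
    server must keep in memory while the request is processed."""
    return build_multipart([
        ([(b"Content-Disposition", b'form-data; name="f%03d"' % i),
          (b"X-Pad", b"A" * header_pad)], b"")
        for i in range(part_count)
    ])


def retained_header_bytes(body, policy):
    """Parse body and apply policy; returns (accepted, retained header bytes)."""
    try:
        return True, policy(parse_multipart(body))
    except LimitExceeded:
        return False, 0


if __name__ == "__main__":
    samples = (("legitimate", legitimate_form()), ("abusive", abusive_request()))
    for label, body in samples:
        for policy in (accept_flawed, accept_fixed):
            print(f"{label:11s} {policy.__name__:14s}", retained_header_bytes(body, policy))
```

The flawed policy accepts the abusive request and would retain roughly 50 x 4 KiB of header data for a body that carries no actual field content; scaled to the parameter limit, that is the memory amplification the advisory describes. The fixed policy rejects it twice over, on part count and on per-part header size, while the ordinary form passes both.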
Users should upgrade to Apache Tomcat 11.0.8, 10.1.42, or 9.0.106, which fix the issue. The fixed releases bound multipart parts separately from parameters via the Connector attributes maxPartCount (default 10) and maxPartHeaderSize (default 512 bytes); applications that legitimately submit more than ten parts per request must raise maxPartCount in server.xml after upgrading or those requests will be rejected.