Apache Tomcat Authentication Bypass Vulnerability in Pre/Post-Resources

Vulnerability

An authentication bypass vulnerability has been identified in Apache Tomcat versions 11.0.0-M1 through 11.0.7, 10.1.0-M1 through 10.1.41, and 9.0.0.M1 through 9.0.105. This vulnerability arises when PreResources or PostResources are mounted outside the root of the web application, allowing access to these resources via an unexpected path. Such paths may not be subject to the same security constraints as the intended routes, potentially leading to a bypass of those security measures.

Impact

Exploitation of this vulnerability could allow unauthorized access to resources, bypassing established security constraints.

Remediation

Users are advised to upgrade to Apache Tomcat 11.0.8, 10.1.42, or 9.0.106.
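Added example (not part of this advisory or of Tomcat itself): a Python checker that flags a deployment whose Tomcat version falls in the affected ranges listed above and whose context.xml mounts PreResources or PostResources somewhere other than the web application root. It assumes the standard webAppMount attribute on Tomcat resource-set elements, reads the advisory's "outside the root" as any webAppMount other than "/", and uses a constructed sample context.xml.

```python
import re
import xml.etree.ElementTree as ET

# Affected release lines and the patch level that fixes each, as stated in the advisory.
FIXED_IN = {(11, 0): 8, (10, 1): 42, (9, 0): 106}

def parse_version(v):
    """Parse '11.0.7', '10.1.0-M1' or '9.0.0.M1' into (major, minor, patch, milestone);
    milestone is None for a final release, which sorts after its M-builds."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, ms = m.groups()
    return int(major), int(minor), int(patch), (int(ms) if ms else None)

def is_affected(v):
    """True when v lies in an affected range (every build below the fixed release)."""
    major, minor, patch, ms = parse_version(v)
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return False  # a release line the advisory does not list
    return patch < fixed_patch or (patch == fixed_patch and ms is not None)

def nonroot_resource_mounts(context_xml):
    """List (tag, base, webAppMount) for Pre/PostResources whose webAppMount is not '/'.
    Assumption: the advisory's 'outside the root' means a mount point other than '/'."""
    hits = []
    for res in ET.fromstring(context_xml).iter("Resources"):
        for child in res:
            if child.tag in ("PreResources", "PostResources"):
                mount = child.get("webAppMount", "/")
                if mount != "/":
                    hits.append((child.tag, child.get("base"), mount))
    return hits

def assess(version, context_xml):
    """Combine the version check with the configuration check for one deployment."""
    mounts = nonroot_resource_mounts(context_xml)
    affected = is_affected(version)
    return {"affected_version": affected, "nonroot_mounts": mounts,
            "exposed": affected and bool(mounts)}

# Constructed sample context.xml for illustration (not taken from a real deployment).
SAMPLE_CONTEXT = """<Context>
  <Resources>
    <PreResources className="org.apache.catalina.webresources.DirResourceSet"
                  base="/srv/shared/static" webAppMount="/static"/>
    <PostResources className="org.apache.catalina.webresources.DirResourceSet"
                   base="/srv/shared/docs" webAppMount="/"/>
  </Resources>
</Context>"""
```

Run `assess("10.1.41", SAMPLE_CONTEXT)` to see both checks combined; only a deployment that is both on an affected version and has a non-root mount is reported as exposed.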

Added: Jun 16, 2025, 3:20 PM
Updated: Jun 16, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread          8.8
impact          0.6
exploitability  7.6
remediation     7.7
relevance       0.2
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.