Bug 2362782 (CVE-2025-31651)

Summary: CVE-2025-31651 tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: aogburn, ben.argyle, cchiang, csutherl, dsoumis, gregk4sec, jclere, jiahli, pjindal, plodge, prodsec-dev, rmaucher, szappis, vrajput
Target Milestone: ---
Keywords: Security
Target Release: ---
Flags: aogburn: needinfo? (prodsec-dev)
       ben.argyle: needinfo? (prodsec-dev)
Hardware: All
OS: Linux
Doc Type: ---
Doc Text:
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
Story Points: ---
Type: ---
Regression: ---
Documentation: ---
Bug Depends On: 2363040, 2363041, 2363042

Description OSIDB Bzimport 2025-04-28 20:01:19 UTC
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Comment 8 Greg K 2025-05-15 02:20:13 UTC
See Apache httpd CVE-2024-38474; this issue is not identical.

Comment 10 errata-xmlrpc 2025-11-06 16:24:28 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.1.3

Via RHSA-2025:19810 https://access.redhat.com/errata/RHSA-2025:19810

Comment 11 errata-xmlrpc 2025-11-06 16:29:23 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.1 on RHEL 10
  Red Hat JBoss Web Server 6.1 on RHEL 8
  Red Hat JBoss Web Server 6.1 on RHEL 9

Via RHSA-2025:19809 https://access.redhat.com/errata/RHSA-2025:19809

Comment 12 errata-xmlrpc 2025-12-09 15:22:32 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.8.6

Via RHSA-2025:22924 https://access.redhat.com/errata/RHSA-2025:22924

Comment 13 errata-xmlrpc 2025-12-09 15:23:10 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.8 on RHEL 7
  Red Hat JBoss Web Server 5.8 on RHEL 8
  Red Hat JBoss Web Server 5.8 on RHEL 9

Via RHSA-2025:22925 https://access.redhat.com/errata/RHSA-2025:22925

Comment 14 errata-xmlrpc 2025-12-10 14:34:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23051 https://access.redhat.com/errata/RHSA-2025:23051

Comment 15 errata-xmlrpc 2025-12-10 14:35:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23053 https://access.redhat.com/errata/RHSA-2025:23053

Comment 16 errata-xmlrpc 2025-12-10 14:40:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23052 https://access.redhat.com/errata/RHSA-2025:23052

Comment 17 errata-xmlrpc 2025-12-10 14:41:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23050 https://access.redhat.com/errata/RHSA-2025:23050

Comment 18 errata-xmlrpc 2025-12-10 14:47:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:23045 https://access.redhat.com/errata/RHSA-2025:23045

Comment 19 errata-xmlrpc 2025-12-10 14:50:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:23046 https://access.redhat.com/errata/RHSA-2025:23046

Comment 20 errata-xmlrpc 2025-12-10 15:06:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:23047 https://access.redhat.com/errata/RHSA-2025:23047

Comment 21 errata-xmlrpc 2025-12-10 15:06:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23049 https://access.redhat.com/errata/RHSA-2025:23049

Comment 22 errata-xmlrpc 2025-12-10 17:01:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:23044 https://access.redhat.com/errata/RHSA-2025:23044

Comment 23 Ben 2025-12-10 17:02:40 UTC
Can this issue also be addressed in the following product, please:

  Red Hat Enterprise Linux 8

Thank you!

Comment 24 errata-xmlrpc 2025-12-10 17:40:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23048 https://access.redhat.com/errata/RHSA-2025:23048