Bug 2362782 (CVE-2025-31651)
| Summary: | CVE-2025-31651 tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | aogburn, ben.argyle, cchiang, csutherl, dsoumis, gregk4sec, jclere, pjindal, plodge, prodsec-dev, rmaucher, szappis, vrajput |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | Flags: | aogburn: needinfo? (prodsec-dev); ben.argyle: needinfo? (prodsec-dev) |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2363040, 2363041, 2363042 | | |
| Bug Blocks: | | | |
Description
OSIDB Bzimport
2025-04-28 20:01:19 UTC
See Apache httpd CVE-2024-38474; this issue is not identical.

This issue has been addressed in the following products: Red Hat JBoss Web Server 6.1.3. Via RHSA-2025:19810 https://access.redhat.com/errata/RHSA-2025:19810

This issue has been addressed in the following products: Red Hat JBoss Web Server 6.1 on RHEL 10, Red Hat JBoss Web Server 6.1 on RHEL 8, Red Hat JBoss Web Server 6.1 on RHEL 9. Via RHSA-2025:19809 https://access.redhat.com/errata/RHSA-2025:19809

This issue has been addressed in the following products: Red Hat JBoss Web Server 5.8.6. Via RHSA-2025:22924 https://access.redhat.com/errata/RHSA-2025:22924

This issue has been addressed in the following products: Red Hat JBoss Web Server 5.8 on RHEL 7, Red Hat JBoss Web Server 5.8 on RHEL 8, Red Hat JBoss Web Server 5.8 on RHEL 9. Via RHSA-2025:22925 https://access.redhat.com/errata/RHSA-2025:22925

This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support. Via RHSA-2025:23051 https://access.redhat.com/errata/RHSA-2025:23051

This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support. Via RHSA-2025:23053 https://access.redhat.com/errata/RHSA-2025:23053

This issue has been addressed in the following products: Red Hat Enterprise Linux 10. Via RHSA-2025:23052 https://access.redhat.com/errata/RHSA-2025:23052

This issue has been addressed in the following products: Red Hat Enterprise Linux 10. Via RHSA-2025:23050 https://access.redhat.com/errata/RHSA-2025:23050

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Via RHSA-2025:23045 https://access.redhat.com/errata/RHSA-2025:23045

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2025:23046 https://access.redhat.com/errata/RHSA-2025:23046

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:23047 https://access.redhat.com/errata/RHSA-2025:23047

This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:23049 https://access.redhat.com/errata/RHSA-2025:23049

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support. Via RHSA-2025:23044 https://access.redhat.com/errata/RHSA-2025:23044

Can this issue also be addressed in the following product, please: Red Hat Enterprise Linux 8. Thank you!

This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:23048 https://access.redhat.com/errata/RHSA-2025:23048

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2026:0292 https://access.redhat.com/errata/RHSA-2026:0292

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2026:0293 https://access.redhat.com/errata/RHSA-2026:0293

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2026:2725 https://access.redhat.com/errata/RHSA-2026:2725

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Via RHSA-2026:2724 https://access.redhat.com/errata/RHSA-2026:2724

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2026:2726 https://access.redhat.com/errata/RHSA-2026:2726