BIT-tomcat-2025-48989

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2025-48989.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-tomcat-2025-48989

Aliases

Published

2025-08-18T08:14:11.138Z

Modified

2025-08-18T09:12:06.141608Z

Summary

Apache Tomcat: h2 DoS - Made You Reset

Details

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.108

Introduced

10.1.0-M1

Fixed

10.1.44

Introduced

11.0.0-M1

Fixed

11.0.10