CVE-2021-25329
- Source
- https://cve.org/CVERecord?id=CVE-2021-25329
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25329.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-25329
- Aliases
- Downstream
- Related
- Published
- 2021-03-01T12:15:14.280Z
- Modified
- 2026-04-11T12:36:11.468602Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "9.3.3" } ], "cpe": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "9.3.6" } ], "cpe": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "1.14.0" } ], "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "1.6.0" } ], "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "10.0.1.5.0" } ], "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "12.2.0.1" } ], "cpe": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "19c" } ], "cpe": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "21c" } ], "cpe": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "fixed": "21.3.0" } ], "cpe": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "17.1" } ], "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "17.2" } ], "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "17.3" } ], "cpe": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "12.2.1.3.0" } ], "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "12.2.1.4.0" } ], "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "8.0.23" } ], "cpe": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "fixed": "21.9" } ], "cpe": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*" }, { "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "21.9" } ], "cpe": "cpe:2.3:a:oracle:siebel_ui_framework:21.9:*:*:*:*:*:*:*" } ] }- References
-
- https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r732b2ca289dc02df2de820e8775559abd6c207f159e39f559547a085%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/03/01/2
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
- https://security.gentoo.org/glsa/202208-34
- https://security.netapp.com/advisory/ntap-20210409-0002/
- https://www.debian.org/security/2021/dsa-4891
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "extracted_events": [ { "introduced": "7.0.0" }, { "last_affected": "7.0.107" }, { "introduced": "8.5.0" }, { "last_affected": "8.5.61" }, { "introduced": "9.0.0" }, { "last_affected": "9.0.41" }, { "introduced": "0" }, { "last_affected": "9.0.0-milestone1" }, { "last_affected": "9.0.0-milestone10" }, { "last_affected": "9.0.0-milestone11" }, { "last_affected": "9.0.0-milestone12" }, { "last_affected": "9.0.0-milestone13" }, { "last_affected": "9.0.0-milestone14" }, { "last_affected": "9.0.0-milestone15" }, { "last_affected": "9.0.0-milestone16" }, { "last_affected": "9.0.0-milestone17" }, { "last_affected": "9.0.0-milestone18" }, { "last_affected": "9.0.0-milestone19" }, { "last_affected": "9.0.0-milestone2" }, { "last_affected": "9.0.0-milestone20" }, { "last_affected": "9.0.0-milestone21" }, { "last_affected": "9.0.0-milestone22" }, { "last_affected": "9.0.0-milestone23" }, { "last_affected": "9.0.0-milestone24" }, { "last_affected": "9.0.0-milestone25" }, { "last_affected": "9.0.0-milestone26" }, { "last_affected": "9.0.0-milestone27" }, { "last_affected": "9.0.0-milestone3" }, { "last_affected": "9.0.0-milestone4" }, { "last_affected": "9.0.0-milestone5" }, { "last_affected": "9.0.0-milestone6" }, { "last_affected": "9.0.0-milestone7" }, { "last_affected": "9.0.0-milestone8" }, { "last_affected": "9.0.0-milestone9" }, { "last_affected": "10.0.0-NA" }, { "last_affected": "10.0.0-milestone1" }, { "last_affected": "10.0.0-milestone10" }, { "last_affected": "10.0.0-milestone2" }, { "last_affected": "10.0.0-milestone3" }, { "last_affected": "10.0.0-milestone4" }, { "last_affected": "10.0.0-milestone5" }, { "last_affected": "10.0.0-milestone6" }, { "last_affected": "10.0.0-milestone7" }, { "last_affected": "10.0.0-milestone8" }, { "last_affected": "10.0.0-milestone9" }, { "last_affected": "9.0" }, { "last_affected": "10.0" } ], "cpe": [ "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ] }
Affected versions
10.*
10.0.0
10.0.0-M1
10.0.0-M10
10.0.0-M2
10.0.0-M3
10.0.0-M4
10.0.0-M5
10.0.0-M6
10.0.0-M7
10.0.0-M8
10.0.0-M9
7.*
7.0.107
8.*
8.5.61
9.*
9.0.0
9.0.0-M1
9.0.0-M10
9.0.0-M11
9.0.0-M12
9.0.0-M13
9.0.0-M14
9.0.0-M15
9.0.0-M16
9.0.0-M17
9.0.0-M18
9.0.0-M19
9.0.0-M2
9.0.0-M20
9.0.0-M21
9.0.0-M22
9.0.0-M23
9.0.0-M24
9.0.0-M25
9.0.0-M26
9.0.0-M27
9.0.0-M3
9.0.0-M4
9.0.0-M5
9.0.0-M6
9.0.0-M7
9.0.0-M8
9.0.0-M9
9.0.41