DEBIAN-CVE-2025-55668
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-55668
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-55668.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-55668
- Upstream
- Published
- 2025-08-13T14:15:33Z
- Modified
- 2025-10-10T19:31:17.681432Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
- References
Affected packages
Debian:11
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/debian/tomcat9?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.70-2
Affected versions
9.*
9.0.43-1
9.0.43-2~deb11u1
9.0.43-2~deb11u2
9.0.43-2~deb11u3
9.0.43-2~deb11u4
9.0.43-2~deb11u5
9.0.43-2~deb11u6
9.0.43-2~deb11u7
9.0.43-2~deb11u8
9.0.43-2~deb11u9
9.0.43-2~deb11u10
9.0.43-2~deb11u11
9.0.43-2~deb11u12
9.0.43-2
9.0.43-3
9.0.53-1
9.0.54-1
9.0.55-1
9.0.58-1
9.0.62-1
9.0.63-1
9.0.64-1
9.0.64-2
9.0.65-1
9.0.67-1
9.0.68-1
9.0.68-1.1
9.0.70-1
Debian:12
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/debian/tomcat10?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.6-1
10.1.6-1+deb12u1
10.1.6-1+deb12u2
10.1.7-1
10.1.8-1
10.1.9-1
10.1.10-1
10.1.13-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.20-1
10.1.23-1
10.1.25-1~bpo12+1
10.1.25-1
10.1.25-2
10.1.30-1~bpo12+1
10.1.30-1
10.1.31-1
10.1.33-1~bpo12+1
10.1.33-1
10.1.34-0+deb12u1
10.1.34-0+deb12u2
10.1.34-1
10.1.35-1
10.1.40-1~bpo12+1
10.1.40-1
10.1.46-1