VDB

RHSA-2025%3A19810

RHSA-2025%3A19810 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Web Server 6.1.3

Timeline

  • Nov 6, 2025 CVE Published
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Distribution Patch
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
  • Apr 28, 2026 Security Advisory
  • May 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›