VDB
RHSA-2025%3A19810
RHSA-2025%3A19810
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Web Server 6.1.3 |
Timeline
- Nov 6, 2025 CVE Published
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Distribution Patch
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- May 10, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:19810 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2362782 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2406588 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2406591 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19810.json advisory
- https://access.redhat.com/security/cve/CVE-2025-31651 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-31651 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-31651 advisory
- https://lists.apache.org/list.html?announce@tomcat.apache.org advisory
- https://access.redhat.com/security/cve/CVE-2025-55752 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-55752 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-55752 advisory
- https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a advisory
- https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog advisory
- https://access.redhat.com/security/cve/CVE-2025-61795 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61795 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61795 advisory
- https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06 advisory
…and 1 more