vulnerability
Amazon Linux AMI 2: CVE-2025-31650: Security patch for tomcat (ALASTOMCAT9-2025-017)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 28, 2025 | May 14, 2025 | May 14, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Apr 28, 2025
Added
May 14, 2025
Modified
May 14, 2025
Description
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.
This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.
Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Solution(s)
amazon-linux-ami-2-upgrade-tomcatamazon-linux-ami-2-upgrade-tomcat-admin-webappsamazon-linux-ami-2-upgrade-tomcat-docs-webappamazon-linux-ami-2-upgrade-tomcat-el-3-0-apiamazon-linux-ami-2-upgrade-tomcat-jsp-2-3-apiamazon-linux-ami-2-upgrade-tomcat-jsvcamazon-linux-ami-2-upgrade-tomcat-libamazon-linux-ami-2-upgrade-tomcat-servlet-4-0-apiamazon-linux-ami-2-upgrade-tomcat-webapps
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.