FreeBSD: VID-8b571fb2-f311-11eb-b12b-fc4dd43e2b6a (CVE-2021-30640): tomcat -- JNDI Realm Authentication Weakness in multiple versions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Aug 1, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Description
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data (e.g. user names) as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate using variations of their user name and/or to bypass some of the protection provided by the LockOut Realm.
Solutions
- freebsd-upgrade-package-tomcat7
- freebsd-upgrade-package-tomcat85
- freebsd-upgrade-package-tomcat9
- freebsd-upgrade-package-tomcat10