製品・ソフトウェアに関する情報
Apache Tomcat における脆弱性
Title Apache Tomcat における脆弱性
Summary

Apache Tomcat には、不特定の脆弱性が存在します。

Possible impacts 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution

ベンダ情報および参考情報を参照して適切な対策を実施してください。

Publication Date March 1, 2021, midnight
Registration Date Nov. 8, 2021, 5:39 p.m.
Last Update Dec. 13, 2022, 4:11 p.m.
CVSS3.0 : 重要
Score 7
Vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS2.0 : 警告
Score 4.4
Vector AV:L/AC:M/Au:N/C:P/I:P/A:P
Affected System
Apache Software Foundation
Apache Tomcat 10.0.0-M1 から 10.0.0
Apache Tomcat 7.0.0 から 7.0.107
Apache Tomcat 8.5.0 から 8.5.61
Apache Tomcat 9.0.0.M1 から 9.0.41
日本電気
AddPoint 
CONNEXIVE Edge Device Management 2.0
CONNEXIVE PF 
NEC Advanced Analytics Platform Modeler 
RETRIEEM 
WebOTX OLF/TP Connect for Container
WebOTX Application Server Enterprise
WebOTX Application Server Express
WebOTX Application Server Standard
WebOTX Developer 
海外大規模農場分析ソリューション 
Debian
Debian GNU/Linux 
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
No Changed Details Date of change
3 [2022年08月09日]
  影響を受けるシステム:ベンダ情報 (NV21-012) の更新に伴い内容を更新
Aug. 9, 2022, 10:02 a.m.
1 [2021年11月08日]
  掲載
Nov. 8, 2021, 5:39 p.m.
2 [2022年01月27日]
  影響を受けるシステム:ベンダ情報の追加に伴い内容を更新
  ベンダ情報:日本電気 (NV21-012) を追加
Aug. 9, 2022, 10:01 a.m.
4 [2022年12月13日]
  影響を受けるシステム:ベンダ情報 (NV21-012) の更新に伴い内容を更新
Dec. 13, 2022, 3:04 p.m.

NVD Vulnerability Information
CVE-2021-25329
Summary

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Publication Date March 1, 2021, 9:15 p.m.
Registration Date March 2, 2021, 10:02 a.m.
Last Update Nov. 21, 2024, 2:54 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* 9.0.0 9.0.41
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* 8.5.0 8.5.61
cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* 7.0.0 7.0.107
Configuration2 or higher or less more than less than
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:* 21.9
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* 8.0.23
cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:* 21.3.0
cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:21.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List