| Summary | Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
|---|---|
| Publication Date | June 17, 2025, 12:15 a.m. |
| Registration Date | June 17, 2025, 4 a.m. |
| Last Update | June 17, 2025, 11:15 p.m. |
| Title | Apache Software Foundation の Apache Tomcat における代替パスまたはチャネルを使用した認証回避に関する脆弱性 |
|---|---|
| Summary | Apache Software Foundation の Apache Tomcat には、代替パスまたはチャネルを使用した認証回避に関する脆弱性が存在します。 |
| Possible impacts | 攻撃者により、ネットワークを介して、情報を取得される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | June 16, 2025, midnight |
| Registration Date | July 4, 2025, 10:26 a.m. |
| Last Update | July 4, 2025, 10:26 a.m. |
| Apache Software Foundation |
| Apache Tomcat 10.1.0 以上 10.1.42 未満 |
| Apache Tomcat 11.0.0 以上 11.0.8 未満 |
| Apache Tomcat 9.0.0 以上 9.0.106 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2025年07月04日] 掲載 |
July 4, 2025, 10:26 a.m. |