CVE-2021-25329 vulnerability in Apache and Other Products
Published on March 1, 2021

Incomplete fix for CVE-2020-9484

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2021-25329

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-25329 are published in these products:

Apache Tomcat

Debian Linux

Oracle Agile Plm

Oracle Database Server

Oracle Graph Server And Client

Oracle Instantis Enterprisetrack

Oracle Managed File Transfer

Oracle Mysql Enterprise Monitor

Oracle Siebel Ui Framework

Oracle Communications Cloud Native Core Policy

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Instant Messaging Server

Canonical Ubuntu Linux

Oracle

Affected Versions

Apache Software Foundation Apache Tomcat:

Version Apache Tomcat 10 and below 10.0.0 is affected.
Version Apache Tomcat 9 and below 9.0.41 is affected.
Version Apache Tomcat 8.5 and below 8.5.61 is affected.
Version Apache Tomcat 7 and below 7.0.107 is affected.

Exploit Probability

EPSS

0.80%

Percentile

73.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-25329 vulnerability in Apache and Other ProductsPublished on March 1, 2021

Products Associated with CVE-2021-25329

Affected Versions

Exploit Probability

CVE-2021-25329 vulnerability in Apache and Other Products
Published on March 1, 2021