{"id":3710,"date":"2025-06-26T08:49:02","date_gmt":"2025-06-26T08:49:02","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3710"},"modified":"2025-06-26T08:52:05","modified_gmt":"2025-06-26T08:52:05","slug":"tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/","title":{"rendered":"Tomcat Flaws Expose Servers to DoS, Auth Bypass &amp; Privilege Escalation"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The most prevalent Java servlet container, Apache Tomcat, is present in most enterprise and cloud-based web applications. Because of its agile, open-source framework, Apache Tomcat is prevalent in many fields of technology.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, widespread adoption also carries widespread risk.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In June 2025, the <a href=\"https:\/\/lists.apache.org\/thread\/w7dbnfyqn1yc05kbqqbbyct7wbomv7lf\">Apache Software Foundation reported 4<\/a> critical vulnerabilities across Tomcat 9.0, 10.1, and 11.0. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The vulnerabilities represent: <a href=\"https:\/\/certera.com\/blog\/largest-ddos-attacks-reported-till-today\/\">Denial-of-Service (DoS)<\/a>, Authentication bypass, Windows privilege escalation, Security constraint violations<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Millions of systems, still operating on unpatched versions of Tomcat, are at risk of attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This article looks into each of the vulnerabilities, provides an overview of the impact, and explains how you can reduce the security risk on your systems. 
The final part of the article covers patching, resource-allocation limits, and configuration practices to help secure your deployment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-summary-of-flaws\">Summary of Flaws<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>CVE ID<\/strong><\/td><td><strong>Severity<\/strong><\/td><td><strong>Risk<\/strong><\/td><td><strong>Affected Versions<\/strong><\/td><\/tr><tr><td><strong>CVE-2025-48976<\/strong><\/td><td>Important<\/td><td>DoS via multipart header overload<\/td><td>9.0.0.M1\u20139.0.105, 10.1.0\u201310.1.41, 11.0.0-M1\u201311.0.7<\/td><\/tr><tr><td><strong>CVE-2025-48988<\/strong><\/td><td>Important<\/td><td>DoS via multipart upload abuse<\/td><td>9.0.0.M1\u20139.0.105, 10.1.0\u201310.1.41, 11.0.0-M1\u201311.0.7<\/td><\/tr><tr><td><strong>CVE-2025-49124<\/strong><\/td><td>Low<\/td><td>Windows installer side-loading<\/td><td>9.0.23\u20139.0.105, 10.1.0\u201310.1.41, 11.0.0-M1\u201311.0.7<\/td><\/tr><tr><td><strong>CVE-2025-49125<\/strong><\/td><td>Moderate<\/td><td>Auth bypass via Pre\/PostResources<\/td><td>9.0.23\u20139.0.105, 10.1.0\u201310.1.41, 11.0.0-M1\u201311.0.7<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-48976-multipart-header-memory-exhaustion\">CVE-2025-48976 \u2013 Multipart Header Memory Exhaustion<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-nature-of-the-flaw\">Nature of the Flaw<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This vulnerability arises in Apache Commons FileUpload, the module Tomcat uses to process file uploads sent as multipart\/form-data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-problem\">Problem<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Before the patch, each multipart header was subject only to a hard-coded 10kB limit. 
<strong>Attackers could:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Send thousands of parts per request<\/li>\n\n\n\n<li>Force the server to allocate memory for each 10kB header<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-real-world-example\">Real-World Example<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1,000 parts x 10kB header = 10MB of allocated memory<\/li>\n\n\n\n<li>Thousands of requests = gigabytes of allocated memory<\/li>\n\n\n\n<li>Result: OutOfMemoryError \u2192 server crash<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-solution\">Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ASF added a configurable parameter: maxPartHeaderSize (default 512 bytes)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-impact\">Impact<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prevents excessive memory allocation<\/li>\n\n\n\n<li>Gives flexibility to administrators<\/li>\n\n\n\n<li>Lowers the probability of a memory-exhaustion DoS<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-48988-multipart-upload-resource-exhaustion\">CVE-2025-48988 \u2013 Multipart Upload Resource Exhaustion<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-nature-of-the-flaw-0\">Nature of the Flaw<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The vulnerability existed in Tomcat\u2019s handling of the individual parts of a multipart file upload.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-problem-0\">Problem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tomcat treated multipart \u201cparts\u201d like any other request parameter.<\/li>\n\n\n\n<li>Multipart parts are heavier. 
<strong>They include:<\/strong> binary file data and headers that are retained in memory<\/li>\n\n\n\n<li>Tomcat used a single limit for both.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-exploitation\">Exploitation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attacker sends a multipart request with:\n<ul class=\"wp-block-list\">\n<li>10,000 parts<\/li>\n\n\n\n<li>Each part\u2019s header uses 500 bytes<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The server allocates ~5MB per request<\/li>\n\n\n\n<li>The attacker sends many requests simultaneously<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-result\">Result<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Server memory exhaustion and crash<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-solution\">Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The ASF added a maxPartCount parameter\n<ul class=\"wp-block-list\">\n<li>Default: 10 parts<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Allows administrators to customize file upload handling<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-49124-windows-installer-side-loading\">CVE-2025-49124 \u2013 Windows Installer Side-Loading<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-nature-of-the-flaw-1\">Nature of the Flaw<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">A low-risk but dangerous vulnerability on Windows systems.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-problem-1\">Problem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The Tomcat installer invoked icacls.exe (used to modify file permissions)<\/li>\n\n\n\n<li>It didn\u2019t specify the full path (e.g., C:\\Windows\\System32\\icacls.exe)<\/li>\n\n\n\n<li>It relied on the system PATH variable to locate the executable<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-exploitation-0\">Exploitation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attacker places a fake icacls.exe earlier in the PATH<\/li>\n\n\n\n<li>The installer unknowingly executes the 
attacker\u2019s malicious file<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-possible-outcomes\">Possible Outcomes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Privilege escalation<\/li>\n\n\n\n<li>Malicious services installed<\/li>\n\n\n\n<li>Persistence mechanisms embedded<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-solution-0\">Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The installer now uses the full, absolute path to icacls.exe<\/li>\n\n\n\n<li>Prevents PATH manipulation attacks<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cve-2025-49125-pre-postresources-auth-bypass\">CVE-2025-49125 \u2013 Pre\/PostResources Auth Bypass<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-nature-of-the-flaw-2\">Nature of the Flaw<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This moderate-severity flaw affects advanced Tomcat deployments that use resource overlays.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-problem-2\">Problem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tomcat allows mounting of additional resources (PreResources\/PostResources) outside the app root<\/li>\n\n\n\n<li>These resources should be protected by the same security policies<\/li>\n\n\n\n<li>Path normalization wasn\u2019t enforced<\/li>\n\n\n\n<li>Attackers could request files using alternative paths<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-exploitation-1\">Exploitation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Use of unexpected path variants allowed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bypassing authentication rules<\/li>\n\n\n\n<li>Gaining access to protected static content or files<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-solution-1\">Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Patch enforces path normalization<\/li>\n\n\n\n<li>Ensures consistent security policy enforcement for all resource 
paths<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-these-attacks-work-in-practice\">How These Attacks Work in Practice<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-denial-of-service-dos\">Denial-of-Service (DoS)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Attackers target memory allocation:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Send multiple large or complex multipart requests<\/li>\n\n\n\n<li>Each request consumes significant memory<\/li>\n\n\n\n<li>Servers crash or become unresponsive<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-authentication-bypass\">Authentication Bypass<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>By manipulating paths, attackers can:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access restricted areas<\/li>\n\n\n\n<li>Download sensitive resources<\/li>\n\n\n\n<li>Avoid user verification steps<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-installer-abuse\">Installer Abuse<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Used in targeted attacks<\/li>\n\n\n\n<li>Threat actors compromise Windows environments<\/li>\n\n\n\n<li>Side-load malicious binaries during installation<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-technical-exploitation-flow\">Technical Exploitation Flow<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Attack Stage<\/strong><\/td><td><strong>Description<\/strong><\/td><td><strong>Target Component<\/strong><\/td><\/tr><tr><td>Reconnaissance<\/td><td>Identify vulnerable Tomcat version<\/td><td>Web Application<\/td><\/tr><tr><td>Exploit Delivery<\/td><td>Send multipart or crafted path requests<\/td><td>Connector \/ FileUpload<\/td><\/tr><tr><td>Resource Impact<\/td><td>Exhaust memory \/ bypass controls<\/td><td>JVM \/ Auth Modules<\/td><\/tr><tr><td>Outcome<\/td><td>Server crash, auth bypass, persistence<\/td><td>Entire Host 
System<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-recommended-actions\">Recommended Actions<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-upgrade-immediately\">1. Upgrade Immediately<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Version Branch<\/strong><\/td><td><strong>Upgrade To<\/strong><\/td><\/tr><tr><td>Tomcat 9.0.x<\/td><td>9.0.106<\/td><\/tr><tr><td>Tomcat 10.1.x<\/td><td>10.1.42<\/td><\/tr><tr><td>Tomcat 11.0.x<\/td><td>11.0.8<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-apply-configuration-hardening\">2. Apply Configuration Hardening<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In server.xml, within the &lt;Connector&gt; tag (\u2026 stands for the connector\u2019s existing attributes):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Connector\n    \u2026\n    maxPartHeaderSize=\"512\"\n    maxPartCount=\"10\"\n\/><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Both attributes are only recognized by the patched releases listed above, so upgrade before relying on them. The values shown are the defaults; raise maxPartCount only if a legitimate form on your site submits more parts than that.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-validate-path-settings-windows\">3. Validate PATH Settings (Windows)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure no untrusted executables reside in any directory listed in the PATH environment variable.<\/li>\n\n\n\n<li>Verify file access rights for installers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-review-pre-post-resources-configuration\">4. 
Review Pre\/Post Resources Configuration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid mounting resources outside the root unless essential.<\/li>\n\n\n\n<li>Apply strict access controls and test for path bypasses.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The recent Apache Tomcat vulnerabilities\u2014ranging from denial-of-service (DoS) risks to authentication bypass and installer abuse\u2014underscore the critical need for proactive system security. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These flaws, affecting versions 9.0, 10.1, and 11.0, could be exploited to crash servers, bypass security controls, or introduce malicious executables during installation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Fortunately, the Apache Software Foundation has responded swiftly with patches and configuration options that offer immediate protection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To strengthen your defense beyond patching, consider using a dedicated security solution like <strong><a href=\"https:\/\/certera.com\/sitelock\">SiteLock<\/a><\/strong>. It offers real-time website scanning, daily vulnerability detection, and active protection against threats such as DDoS attacks, malware, SQL injection, and authentication bypass.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The most prevalent Java servlet container, Apache Tomcat, is present in most enterprise and cloud-based web applications. Because of its agile, open-source framework, Apache Tomcat is prevalent in many fields of technology. However, widespread adoption also carries widespread risk. 
In June 2025, the Apache Software Foundation reported 4 critical vulnerabilities across Tomcat 9.0, 10.1, and<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":3712,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,32],"tags":[707],"class_list":["post-3710","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attack","category-vulnerability","tag-apache-tomcat-vulnerabilities","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Tomcat Flaws Expose DoS, Auth Bypass &amp; Privilege Escalation<\/title>\n<meta name=\"description\" content=\"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. Follow the actions now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tomcat Flaws Expose DoS, Auth Bypass &amp; Privilege Escalation\" \/>\n<meta property=\"og:description\" content=\"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. 
Follow the actions now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-26T08:49:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-26T08:52:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Tomcat Flaws Expose Servers to DoS, Auth Bypass &amp; Privilege Escalation\",\"datePublished\":\"2025-06-26T08:49:02+00:00\",\"dateModified\":\"2025-06-26T08:52:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/\"},\"wordCount\":852,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/critical-tomcat-vulnerabilities.webp\",\"keywords\":[\"Apache Tomcat Vulnerabilities\"],\"articleSection\":[\"Cyber 
Attack\",\"Vulnerability\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/\",\"name\":\"Tomcat Flaws Expose DoS, Auth Bypass & Privilege Escalation\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/critical-tomcat-vulnerabilities.webp\",\"datePublished\":\"2025-06-26T08:49:02+00:00\",\"dateModified\":\"2025-06-26T08:52:05+00:00\",\"description\":\"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. 
Follow the actions now!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/critical-tomcat-vulnerabilities.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/critical-tomcat-vulnerabilities.webp\",\"width\":960,\"height\":620,\"caption\":\"Apache Tomcat Vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tomcat Flaws Expose Servers to DoS, Auth Bypass &amp; Privilege Escalation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence 
Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki 
Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Tomcat Flaws Expose DoS, Auth Bypass & Privilege Escalation","description":"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. 
Follow the actions now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/","og_locale":"en_US","og_type":"article","og_title":"Tomcat Flaws Expose DoS, Auth Bypass & Privilege Escalation","og_description":"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. Follow the actions now!","og_url":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-06-26T08:49:02+00:00","article_modified_time":"2025-06-26T08:52:05+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Tomcat Flaws Expose Servers to DoS, Auth Bypass &amp; Privilege Escalation","datePublished":"2025-06-26T08:49:02+00:00","dateModified":"2025-06-26T08:52:05+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/"},"wordCount":852,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp","keywords":["Apache Tomcat Vulnerabilities"],"articleSection":["Cyber Attack","Vulnerability"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/","url":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/","name":"Tomcat Flaws Expose DoS, Auth Bypass & Privilege 
Escalation","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp","datePublished":"2025-06-26T08:49:02+00:00","dateModified":"2025-06-26T08:52:05+00:00","description":"Apache Tomcat flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation. Follow the actions now!","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/critical-tomcat-vulnerabilities.webp","width":960,"height":620,"caption":"Apache Tomcat Vulnerabilities"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/tomcat-flaws-expose-servers-to-dos-auth-bypass-privilege-escalation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Tomcat Flaws Expose Servers to DoS, Auth Bypass &amp; Privilege Escalation"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & 
Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate 
Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3710"}],"version-history":[{"count":4,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3710\/revisions"}],"predecessor-version":[{"id":3719,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3710\/revisions\/3719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3712"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}