BIT-tomcat-2025-55668

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2025-55668.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2025-55668

Aliases

Published

2025-08-18T08:14:21.163Z

Modified

2026-03-20T10:00:32.842448Z

Summary

Apache Tomcat: session fixation via rewrite valve

Details

Session Fixation vulnerability in Apache Tomcat via rewrite valve.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.0 through 9.0.105. Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.106

Introduced

10.0.0

Fixed

10.1.42

Introduced

11.0.0

Fixed

11.0.8

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2025-55668.json"