UBUNTU-CVE-2025-66614
- Source
- https://ubuntu.com/security/CVE-2025-66614
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66614.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-66614
- Upstream
- Published
- 2026-02-17T19:21:00Z
- Modified
- 2026-03-20T07:56:54.080239Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.
- References
Affected packages
Ubuntu:16.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.40-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "libtomcat10-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-common",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.40-1ubuntu1"
}
]
}tomcat11
Package
- Name
- tomcat11
- Purl
- pkg:deb/ubuntu/tomcat11@11.0.6-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat11-embed-java",
"binary_version": "11.0.6-1"
},
{
"binary_name": "libtomcat11-java",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-admin",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-common",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-docs",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-examples",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-user",
"binary_version": "11.0.6-1"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.95-1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1
6.0.39-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet2.4-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "libservlet2.5-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "libtomcat6-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-admin",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-common",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-docs",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-examples",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-extras",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-user",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.16+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11
7.0.52-1ubuntu0.13
7.0.52-1ubuntu0.14
7.0.52-1ubuntu0.15
7.0.52-1ubuntu0.16
7.0.52-1ubuntu0.16+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
}
]
}Ubuntu:Pro:16.04:LTS
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.13+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
8.0.32-1ubuntu1.13+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.1-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2
7.0.68-1ubuntu0.4+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
}
]
}Ubuntu:Pro:18.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.78-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm5?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
8.5.39-1ubuntu1~18.04.3+esm2
8.5.39-1ubuntu1~18.04.3+esm3
8.5.39-1ubuntu1~18.04.3+esm4
8.5.39-1ubuntu1~18.04.3+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat8-embed-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm7?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
9.0.16-3ubuntu0.18.04.2+esm2
9.0.16-3ubuntu0.18.04.2+esm3
9.0.16-3ubuntu0.18.04.2+esm4
9.0.16-3ubuntu0.18.04.2+esm5
9.0.16-3ubuntu0.18.04.2+esm6
9.0.16-3ubuntu0.18.04.2+esm7
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
}
]
}Ubuntu:Pro:20.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm2?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
9.0.31-1ubuntu0.6
9.0.31-1ubuntu0.7
9.0.31-1ubuntu0.8
9.0.31-1ubuntu0.9
9.0.31-1ubuntu0.9+esm1
9.0.31-1ubuntu0.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
}
]
}Ubuntu:Pro:22.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm3?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.43-3
9.0.54-1
9.0.55-1
9.0.58-1
9.0.58-1ubuntu0.1
9.0.58-1ubuntu0.1+esm1
9.0.58-1ubuntu0.1+esm2
9.0.58-1ubuntu0.1+esm3
9.0.58-1ubuntu0.1+esm4
9.0.58-1ubuntu0.2
9.0.58-1ubuntu0.2+esm1
9.0.58-1ubuntu0.2+esm2
9.0.58-1ubuntu0.2+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
}
]
}Ubuntu:Pro:24.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm3?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2
10.1.16-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "libtomcat10-java",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-common",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm2?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.70-1ubuntu1
9.0.70-2
9.0.70-2ubuntu0.1
9.0.70-2ubuntu0.1+esm1
9.0.70-2ubuntu0.1+esm2