CyberSecurityBoard
Sponsor Register Login

Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities. Organizations running affected versions should immediately upgrade to Apache Tomcat 9.0.107 to mitigate these security risks and prevent potential service disruptions. Exploits target the HTTP/2 protocol with APR/Native, file upload integer overflow, and excessive HTTP/2 stream creation. The APR/Native connector, which provides enhanced performance through native library integration, becomes susceptible to resource exhaustion attacks when processing malformed or excessive HTTP/2 requests. The remediation, implemented in commit 927d66fb, introduces robust input validation and proper integer bounds checking for file upload operations. This attack vector exploits the HTTP/2 multiplexing feature, where multiple streams can be processed simultaneously over a single TCP connection. Web applications with file upload functionality should implement additional validation layers at the application level as a defense-in-depth strategy. Network administrators should configure appropriate values for maxConcurrentStreams and monitor HTTP/2 connection patterns to detect potential abuse. The fix introduces stricter boundary checks and connection lifecycle management to prevent resource depletion scenarios.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Jul 2025 10:00:13 +0000


Cyber News related to Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks

CVE-2020-8022 - A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise ...
4 years ago
Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild - Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March ...
1 week ago Cybersecuritynews.com CVE-2025-24813
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Critical RCE flaw in Apache Tomcat actively exploited in attacks - The attacker then sends a GET request with a JSESSIONID cookie pointing to the uploaded session file, forcing Tomcat to deserialize and execute the malicious Java code, granting complete control to the attacker. Tomcat users may also mitigate the ...
3 months ago Bleepingcomputer.com CVE-2025-24813
Hackers Exploiting Apache Tomcat Vulnerability to Steal SSH Credentials & Gain Server Control - The attack chain begins with brute-force attempts against Tomcat management consoles using commonly weak credentials, such as username “Tomcat” and password “123456” to gain initial access to vulnerable servers. Once ...
3 months ago Cybersecuritynews.com
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
1 year ago Enisa.europa.eu
Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit - Wallarm security researchers have confirmed active exploitation attempts, warning that traditional security tools fail to detect these attacks because the PUT requests appear normal and malicious content is obfuscated using base64 encoding. The ...
3 months ago Cybersecuritynews.com CVE-2025-24813
CVE-2024-56337 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was ...
6 months ago Tenable.com CVE-2024-50379
CVE-2020-1938 - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available ...
3 years ago
Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches - Threat actors have exploited a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious ...
3 months ago Cybersecuritynews.com CVE-2024-31317 BianLian Medusa
CVE-2023-39913 - Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. ...
5 months ago
Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack - First noted in the National Vulnerability Database five days ago, the weakness stems from Coyote’s failure to enforce a hard cap on concurrent streams when an HTTP/2 client never acknowledges the server’s initial SETTINGS frame. Cyber Security ...
10 hours ago Cybersecuritynews.com CVE-2025-53506
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
1 year ago Cybersecurity-insiders.com CVE-2023-46604 Andariel
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
1 year ago Cybersecuritynews.com CVE-2023-50164
Tomcat Vulnerability Exploited in the Wild to Take Over Apache Tomcat Servers - “We strongly urge all users to update immediately given the critical nature of this vulnerability and evidence of active exploitation,” stated the Apache Tomcat security team in their advisory. A critical remote code execution ...
3 months ago Cybersecuritynews.com CVE-2025-24813
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks - The vulnerabilities exploit different attack vectors, including HTTP/2 protocol weaknesses, file upload mechanisms, and stream handling capabilities. Organizations running affected versions should immediately upgrade to Apache Tomcat 9.0.107 to ...
6 days ago Cybersecuritynews.com
10 Most Common Types of Cyber Attacks in 2023 - Cyber attacks are evolving rapidly with advancements in technology, as threat actors exploit new vulnerabilities in:-. The expansion of Internet of Things devices provides new attack surfaces to the threat actors. Here below we have mentioned all the ...
1 year ago Gbhackers.com
Apache Tomcat Vulnerability Let Bypass Rules & Trigger DoS Condition - Identified as CVE-2025-31650, this high-severity vulnerability affects multiple Tomcat versions, posing a significant security risk to organizations relying on this popular Java application server. When attackers send numerous malformed requests ...
2 months ago Cybersecuritynews.com CVE-2025-31650
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
1 year ago Darkreading.com CVE-2023-50164
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
Definition from TechTarget - Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. They're identified as nation-state attackers, and they've been accused of attacking the IT ...
1 year ago Techtarget.com
CVE-2016-6325 - The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)