Author: markt
Date: Wed Aug 13 13:13:36 2025
New Revision: 1927785

Log:
Add details of CVE-2025-55668

Modified:
   tomcat/site/trunk/docs/security-10.html
   tomcat/site/trunk/docs/security-11.html
   tomcat/site/trunk/docs/security-9.html
   tomcat/site/trunk/xdocs/security-10.xml
   tomcat/site/trunk/xdocs/security-11.xml
   tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
==============================================================================
--- tomcat/site/trunk/docs/security-10.html     Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/docs/security-10.html     Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -91,6 +91,21 @@
 
   </div><h3 id="Fixed_in_Apache_Tomcat_10.1.42"><span 
class="pull-right">2025-06-09</span> Fixed in Apache Tomcat 10.1.42</h3><div 
class="text">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668"; 
rel="nofollow">CVE-2025-55668</a></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6";>8621e4c6</a>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 10.1.0-M1 to 10.1.41</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125"; 
rel="nofollow">CVE-2025-49125</a></p>
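Review bot: the CVE links in this hunk use plain http (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668) and, as rendered here, the closing quote of each href is followed by a stray semicolon (`href="..."; rel="nofollow"`); worth confirming that the published security-10.html does not carry that semicolon and that the link can move to https. Since the same entry lands in xdocs/security-10.xml as a `<cve>` element in this commit, any link fix belongs in whatever expands `<cve>` into the anchor rather than in a hand edit of the generated HTML.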

Modified: tomcat/site/trunk/docs/security-11.html
==============================================================================
--- tomcat/site/trunk/docs/security-11.html     Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/docs/security-11.html     Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -85,6 +85,21 @@
 
   </div><h3 id="Fixed_in_Apache_Tomcat_11.0.8"><span 
class="pull-right">2025-06-09</span> Fixed in Apache Tomcat 11.0.8</h3><div 
class="text">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668"; 
rel="nofollow">CVE-2025-55668</a></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21";>90306d97</a>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 11.0.0-M1 to 11.0.7</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125"; 
rel="nofollow">CVE-2025-49125</a></p>
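Review bot: the entry sits under a heading dated 2025-06-09 but states that the issue was made public on 13 August 2025, so a reader scanning the heading date will take the fix as disclosed in June; consider one sentence saying that 11.0.8 already shipped the fix (commit 90306d97) before the public disclosure, as the two dates otherwise read as a contradiction.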

Modified: tomcat/site/trunk/docs/security-9.html
==============================================================================
--- tomcat/site/trunk/docs/security-9.html      Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/docs/security-9.html      Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -99,6 +99,21 @@
 
   </div><h3 id="Fixed_in_Apache_Tomcat_9.0.106"><span 
class="pull-right">2025-06-10</span> Fixed in Apache Tomcat 9.0.106</h3><div 
class="text">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668"; 
rel="nofollow">CVE-2025-55668</a></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <a 
href="https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95";>9c3673ba</a>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 9.0.0.M1 to 9.0.105</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125"; 
rel="nofollow">CVE-2025-49125</a></p>
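Review bot: the new paragraphs carry no anchor of their own, only the surrounding `<h3 id="Fixed_in_Apache_Tomcat_9.0.106">`, so the CVE-2025-55668 entry cannot be deep-linked from an advisory or ticket; if the site build allows it, give the `<p>` holding the `<strong>` title an id (for example CVE-2025-55668) the way the release headings already have one. Also check that "9.0.0.M1" (dots) is the intended form beside "10.1.0-M1" and "11.0.0-M1" (dash) in the sibling files; it matches the 9.0 milestone naming, so this is only a consistency check.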

Modified: tomcat/site/trunk/xdocs/security-10.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-10.xml     Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/xdocs/security-10.xml     Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -108,6 +108,21 @@
 
   <section name="Fixed in Apache Tomcat 10.1.42" rtext="2025-06-09">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <cve>CVE-2025-55668</cve></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="8621e4c6ba2c916a41eb34cb0f781171ead33fb6"/>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 10.1.0-M1 to 10.1.41</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <cve>CVE-2025-49125</cve></p>
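Review bot: the description says "the rewrite valve" without naming it, so an administrator auditing server.xml or context.xml has nothing to grep for; suggest adding the class name, org.apache.catalina.valves.rewrite.RewriteValve, after "rewrite valve" in the first sentence (this is the valve's class name in Tomcat, not something visible in the hunk).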

Modified: tomcat/site/trunk/xdocs/security-11.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-11.xml     Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/xdocs/security-11.xml     Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -102,6 +102,21 @@
 
   <section name="Fixed in Apache Tomcat 11.0.8" rtext="2025-06-09">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <cve>CVE-2025-55668</cve></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="90306d971bb8b8393336d893644124fb2ca11d21"/>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 11.0.0-M1 to 11.0.7</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <cve>CVE-2025-49125</cve></p>
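Review bot: the impact statement stops at "occur in the context of the attacker's session" and does not spell out what that means for the victim; a session fixation, by definition, binds the victim's requests to a session identifier the attacker already holds, so state plainly that whatever the victim does in that session is visible to the attacker. It would also help to say whether the crafted URL has to carry the session identifier itself, since that determines what defenders should look for in access logs.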

Modified: tomcat/site/trunk/xdocs/security-9.xml
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml      Wed Aug 13 12:06:30 2025        
(r1927784)
+++ tomcat/site/trunk/xdocs/security-9.xml      Wed Aug 13 13:13:36 2025        
(r1927785)
@@ -116,6 +116,21 @@
   
   <section name="Fixed in Apache Tomcat 9.0.106" rtext="2025-06-10">
   
+    <p><strong>Moderate: Session fixation possible via rewrite valve</strong>
+       <cve>CVE-2025-55668</cve></p>
+
+    <p>If the rewrite valve was enabled for a web application, an attacker was
+       able to craft a URL that, if a victim clicked on it, would cause the
+       victim's interaction with that resource to occur in the context of the
+       attacker's session.</p>
+
+    <p>This was fixed with commit
+       <hashlink hash="9c3673ba04009377cb0c81ccb6cf5078aec1aa95"/>.</p>
+
+    <p>The issue was made public on 13 August 2025.</p>
+
+    <p>Affects: 9.0.0.M1 to 9.0.105</p>
+
     <p><strong>Moderate: Security constraint bypass for PreResources and
        PostResources</strong>
        <cve>CVE-2025-49125</cve></p>
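Review bot: the entry gives no mitigation short of upgrading to 9.0.106, even though the first sentence makes the vulnerability conditional on the rewrite valve being enabled; if disabling the valve (or removing it from the affected application) closes the issue, say so, and if some rewrite configurations are unaffected, say which, so operators who cannot upgrade immediately know their options.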


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
