CVE-2021-25329

HIGH Year: 2021
CVSS v3 Score
7.0
High
CVSS v2 Score
4.4
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Related Vulnerabilities

CVE-2015-8543

HIGH
CVSS:7.0(High)

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users t...

NVD-CWE-Other2015

CVE-2016-3584

HIGH
CVSS:7.0(High)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.

NVD-CWE-Other2016

CVE-2016-4558

HIGH
CVSS:7.0(High)

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a c...

NVD-CWE-Other2016

CVE-2016-4639

HIGH
CVSS:7.0(High)

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.

NVD-CWE-Other2016

CVE-2016-5625

HIGH
CVSS:7.0(High)

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

NVD-CWE-Other2016

CVE-2017-0155

HIGH
CVSS:7.0(High)

The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows...

NVD-CWE-Other2017