CVE-2025-66614
| CVE ID | CVE-2025-66614 |
|---|---|
| CVSS Score | 7.6 |
| Operating System | |
| Affected Versions | Tomcat |
| Patched Versions | 8.5.120-OL |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
Addressed a security vulnerability where Tomcat did not validate that the TLS SNI hostname matched the HTTP Host header. In certain configurations, this could allow bypass of the connector-level client certificate authentication. The fix adds strict hostname consistency checks.
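
The hostname consistency check described above can also be applied to front-end logs to find requests whose SNI name and Host header disagree. The following is an added example, not Tomcat's or the vendor's code; the record fields (`id`, `sni`, `host`), the sample hostnames, and the fail-closed handling of a missing name are assumptions of this example.

```python
# Added illustration; not Tomcat's implementation of the fix.
from typing import Optional


def normalize_host(value: Optional[str]) -> Optional[str]:
    """Reduce an SNI name or Host header value to a comparable hostname."""
    if not value or not value.strip():
        return None
    host = value.strip().lower()             # hostnames compare case-insensitively
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:8443
        end = host.find("]")
        return host[1:end] if end != -1 else None
    if host.count(":") == 1:                 # host:port -> host
        host = host.split(":", 1)[0]
    host = host.rstrip(".")                  # "example.test." names the same host
    return host or None


def sni_matches_host(sni: Optional[str], host_header: Optional[str]) -> bool:
    """True only when both names are present and equal after normalization.

    A missing SNI or Host value counts as a mismatch (fail closed). That is an
    assumption of this example and may be stricter than a deployment needs.
    """
    sni_name = normalize_host(sni)
    host_name = normalize_host(host_header)
    return sni_name is not None and sni_name == host_name


def find_mismatches(records):
    """Return the records whose SNI name and Host header disagree."""
    return [r for r in records if not sni_matches_host(r.get("sni"), r.get("host"))]


# Constructed sample records, shaped as a TLS-terminating front end might log them.
SAMPLE = [
    {"id": 1, "sni": "secure.example.test", "host": "secure.example.test"},
    {"id": 2, "sni": "secure.example.test", "host": "Secure.Example.Test:8443"},
    {"id": 3, "sni": "public.example.test", "host": "secure.example.test"},
    {"id": 4, "sni": None, "host": "secure.example.test"},
    {"id": 5, "sni": "secure.example.test", "host": "secure.example.test."},
]

if __name__ == "__main__":
    for rec in find_mismatches(SAMPLE):
        print("mismatch:", rec)
```

Records 3 and 4 are reported: one carries a Host header for a different virtual host than the SNI name, the other has no SNI name at all.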