ELSA-2025-23050

ULN >
Oracle Linux Errata repository >
ELSA-2025-23050

ELSA-2025-23050 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-10

Description

[1:10.1.36-3.1]
- Resolves: RHEL-124494
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91729
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- Resolves: RHEL-132527
tomcat: Denial of service (CVE-2025-61795)

Related CVEs

CVE-2025-31651

CVE-2025-55752

CVE-2025-61795

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat-10.1.36-3.el10_1.1.src.rpm	4181c54de193772dbfb516e19edf6dcdfde8787b38989d97f31a1a740c63bdbd	-	ol10_aarch64_appstream
	tomcat-10.1.36-3.el10_1.1.noarch.rpm	5581fe1964c45f6de270bfcfcb8afc797085235490058661355d4a205a6757d4	-	ol10_aarch64_appstream
	tomcat-admin-webapps-10.1.36-3.el10_1.1.noarch.rpm	f53cb97036d8595810290f3cd85617ed84d14ccfc375dd0655afd60f4c503bbd	-	ol10_aarch64_appstream
	tomcat-docs-webapp-10.1.36-3.el10_1.1.noarch.rpm	be74611910fc4b09b15b755428a1f57508322b9685468591ca5176e6daa11a27	-	ol10_aarch64_appstream
	tomcat-el-5.0-api-10.1.36-3.el10_1.1.noarch.rpm	61f5b954ed296d173e5655c2889be3a905e110832898066b19bd01fccde0919b	-	ol10_aarch64_appstream
	tomcat-jsp-3.1-api-10.1.36-3.el10_1.1.noarch.rpm	2a00919b42ba115247c8c544fb7ba9c61e0ffd8c42f7cb655cfab5bd097d9d98	-	ol10_aarch64_appstream
	tomcat-lib-10.1.36-3.el10_1.1.noarch.rpm	c58f85f335d227e7a2f97b84b759acca9edaa8133c1a2fdd6c29deca5e253af2	-	ol10_aarch64_appstream
	tomcat-servlet-6.0-api-10.1.36-3.el10_1.1.noarch.rpm	38a038ba323060bd99553175f54003786c409358d82ff30c99a3735be17f8381	-	ol10_aarch64_appstream
	tomcat-webapps-10.1.36-3.el10_1.1.noarch.rpm	4122af07b43b1a7e5f3f80cc883f4439f4849db022259ac22f19cc284ebd5055	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat-10.1.36-3.el10_1.1.src.rpm	4181c54de193772dbfb516e19edf6dcdfde8787b38989d97f31a1a740c63bdbd	-	ol10_x86_64_appstream
	tomcat-10.1.36-3.el10_1.1.noarch.rpm	5581fe1964c45f6de270bfcfcb8afc797085235490058661355d4a205a6757d4	-	ol10_x86_64_appstream
	tomcat-admin-webapps-10.1.36-3.el10_1.1.noarch.rpm	f53cb97036d8595810290f3cd85617ed84d14ccfc375dd0655afd60f4c503bbd	-	ol10_x86_64_appstream
	tomcat-docs-webapp-10.1.36-3.el10_1.1.noarch.rpm	be74611910fc4b09b15b755428a1f57508322b9685468591ca5176e6daa11a27	-	ol10_x86_64_appstream
	tomcat-el-5.0-api-10.1.36-3.el10_1.1.noarch.rpm	61f5b954ed296d173e5655c2889be3a905e110832898066b19bd01fccde0919b	-	ol10_x86_64_appstream
	tomcat-jsp-3.1-api-10.1.36-3.el10_1.1.noarch.rpm	2a00919b42ba115247c8c544fb7ba9c61e0ffd8c42f7cb655cfab5bd097d9d98	-	ol10_x86_64_appstream
	tomcat-lib-10.1.36-3.el10_1.1.noarch.rpm	c58f85f335d227e7a2f97b84b759acca9edaa8133c1a2fdd6c29deca5e253af2	-	ol10_x86_64_appstream
	tomcat-servlet-6.0-api-10.1.36-3.el10_1.1.noarch.rpm	38a038ba323060bd99553175f54003786c409358d82ff30c99a3735be17f8381	-	ol10_x86_64_appstream
	tomcat-webapps-10.1.36-3.el10_1.1.noarch.rpm	4122af07b43b1a7e5f3f80cc883f4439f4849db022259ac22f19cc284ebd5055	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691