ELSA-2025-14177

ELSA-2025-14177 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-08-20

Description

[1:9.0.87-1.el8_10.6]
- Resolves: RHEL-102193
tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)

[1:9.0.87-1.el8_10.5]
- Resolves: RHEL-108486
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108494
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108502
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108510
tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108524
tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108518
tomcat: Denial of service (CVE-2025-53506)

Related CVEs

CVE-2025-48989

CVE-2025-52520

CVE-2025-48988

CVE-2025-49125

CVE-2025-48976

CVE-2025-53506

CVE-2025-52434

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	tomcat-9.0.87-1.el8_10.6.src.rpm	f0c59c3031bf45a594027ffda1cd3e64922b6c15e0a90d95c474dfec2bcbfb8e	-	ol8_aarch64_appstream
	tomcat-9.0.87-1.el8_10.6.noarch.rpm	0f0ec69c9701fe16b6f7cc91adc47a07b925084a98751e9fa0bddaf00656a0b8	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm	51d6cacea57f64aaa69bb81b6926e22f39eec0720090292d03c113a37f9580e9	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm	548ac25b4d69b7947c2336e91d586f676f2932ea111ffb42da2925521b654953	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm	ebe66960bdad8bffd2761b15bc5c60548b2e64440f44d40e31ce6b9d2834ab47	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm	4078aded5c49e1b904a78a7d828c7653eebde97f29135ef52d48f398c07bc31e	-	ol8_aarch64_appstream
	tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm	4206f7794e5d3e80551332f00088686289a54d17834da2505329c800056c22c7	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm	63b83c578a49115f64ab74202d1b96dce6a8fe7aaaf7f4c2ecfc50930595cee4	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm	de848e2c9e661ce2f24099cc5c3899f0ee62db4febfa75ba1de9634e54d4c23f	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	tomcat-9.0.87-1.el8_10.6.src.rpm	f0c59c3031bf45a594027ffda1cd3e64922b6c15e0a90d95c474dfec2bcbfb8e	-	ol8_x86_64_appstream
	tomcat-9.0.87-1.el8_10.6.noarch.rpm	0f0ec69c9701fe16b6f7cc91adc47a07b925084a98751e9fa0bddaf00656a0b8	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm	51d6cacea57f64aaa69bb81b6926e22f39eec0720090292d03c113a37f9580e9	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm	548ac25b4d69b7947c2336e91d586f676f2932ea111ffb42da2925521b654953	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm	ebe66960bdad8bffd2761b15bc5c60548b2e64440f44d40e31ce6b9d2834ab47	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm	4078aded5c49e1b904a78a7d828c7653eebde97f29135ef52d48f398c07bc31e	-	ol8_x86_64_appstream
	tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm	4206f7794e5d3e80551332f00088686289a54d17834da2505329c800056c22c7	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm	63b83c578a49115f64ab74202d1b96dce6a8fe7aaaf7f4c2ecfc50930595cee4	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm	de848e2c9e661ce2f24099cc5c3899f0ee62db4febfa75ba1de9634e54d4c23f	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team