ELSA-2025-14177

ELSA-2025-14177 - tomcat security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2025-08-20

Description


[1:9.0.87-1.el8_10.6]
- Resolves: RHEL-102193
  tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)

[1:9.0.87-1.el8_10.5]
- Resolves: RHEL-108486
  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108494
  tomcat: DoS in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108502
  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108510
  tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108524
  tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108518
  tomcat: Denial of service (CVE-2025-53506)


Related CVEs


CVE-2025-48989
CVE-2025-52520
CVE-2025-48988
CVE-2025-49125
CVE-2025-48976
CVE-2025-53506
CVE-2025-52434

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | tomcat-9.0.87-1.el8_10.6.src.rpm | f0c59c3031bf45a594027ffda1cd3e64922b6c15e0a90d95c474dfec2bcbfb8e | - | ol8_aarch64_appstream |
| | tomcat-9.0.87-1.el8_10.6.noarch.rpm | 0f0ec69c9701fe16b6f7cc91adc47a07b925084a98751e9fa0bddaf00656a0b8 | - | ol8_aarch64_appstream |
| | tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm | 51d6cacea57f64aaa69bb81b6926e22f39eec0720090292d03c113a37f9580e9 | - | ol8_aarch64_appstream |
| | tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm | 548ac25b4d69b7947c2336e91d586f676f2932ea111ffb42da2925521b654953 | - | ol8_aarch64_appstream |
| | tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm | ebe66960bdad8bffd2761b15bc5c60548b2e64440f44d40e31ce6b9d2834ab47 | - | ol8_aarch64_appstream |
| | tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm | 4078aded5c49e1b904a78a7d828c7653eebde97f29135ef52d48f398c07bc31e | - | ol8_aarch64_appstream |
| | tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm | 4206f7794e5d3e80551332f00088686289a54d17834da2505329c800056c22c7 | - | ol8_aarch64_appstream |
| | tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm | 63b83c578a49115f64ab74202d1b96dce6a8fe7aaaf7f4c2ecfc50930595cee4 | - | ol8_aarch64_appstream |
| | tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm | de848e2c9e661ce2f24099cc5c3899f0ee62db4febfa75ba1de9634e54d4c23f | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | tomcat-9.0.87-1.el8_10.6.src.rpm | f0c59c3031bf45a594027ffda1cd3e64922b6c15e0a90d95c474dfec2bcbfb8e | - | ol8_x86_64_appstream |
| | tomcat-9.0.87-1.el8_10.6.noarch.rpm | 0f0ec69c9701fe16b6f7cc91adc47a07b925084a98751e9fa0bddaf00656a0b8 | - | ol8_x86_64_appstream |
| | tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm | 51d6cacea57f64aaa69bb81b6926e22f39eec0720090292d03c113a37f9580e9 | - | ol8_x86_64_appstream |
| | tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm | 548ac25b4d69b7947c2336e91d586f676f2932ea111ffb42da2925521b654953 | - | ol8_x86_64_appstream |
| | tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm | ebe66960bdad8bffd2761b15bc5c60548b2e64440f44d40e31ce6b9d2834ab47 | - | ol8_x86_64_appstream |
| | tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm | 4078aded5c49e1b904a78a7d828c7653eebde97f29135ef52d48f398c07bc31e | - | ol8_x86_64_appstream |
| | tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm | 4206f7794e5d3e80551332f00088686289a54d17834da2505329c800056c22c7 | - | ol8_x86_64_appstream |
| | tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm | 63b83c578a49115f64ab74202d1b96dce6a8fe7aaaf7f4c2ecfc50930595cee4 | - | ol8_x86_64_appstream |
| | tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm | de848e2c9e661ce2f24099cc5c3899f0ee62db4febfa75ba1de9634e54d4c23f | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
