ELSA-2025-14178

ULN >
Oracle Linux Errata repository >
ELSA-2025-14178

ELSA-2025-14178 - tomcat9 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-08-21

Description

[1:9.0.87-5.3]
- Resolves:
tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
- Resolves:
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves:
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves:
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves:
tomcat: Denial of service (CVE-2025-52434)
- Resolves:
tomcat: Denial of service (CVE-2025-52520)
- Resolves:
tomcat: Denial of service (CVE-2025-53506)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat9-9.0.87-5.el10_0.3.src.rpm	df55f1fb7a4c5b58eda7bda55dfbd690cc770aaff643bd8854701bbcdb833d1a	-	ol10_aarch64_appstream
	tomcat9-9.0.87-5.el10_0.3.noarch.rpm	e00723f6845710c2fafe549ccc350c1614c7f26d7f574bfc6229a26bc224d719	-	ol10_aarch64_appstream
	tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm	abe62a57b738f4f894727e5e520eb46000f4771fe45b2759aaea7e104fc62c5b	-	ol10_aarch64_appstream
	tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm	7ef9a6996ab412287c5b252a0cafe3bedbc5a3294b78c4e81538e225ffd82b48	-	ol10_aarch64_appstream
	tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm	b57353117c14ab5a60322d088c509506fd810c304c0915a61dba8565448d1848	-	ol10_aarch64_appstream
	tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm	4db07f3d799f7120659b5851fb1f5b7fd71e8a159c05286b1593d9785fd81479	-	ol10_aarch64_appstream
	tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm	30e571fdb03f002c8ca89ecd5e0c7d38058de92fa227ec73b1251b2385e484b6	-	ol10_aarch64_appstream
	tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm	1ba88f55391c06171065c352ff9928e73dd5c877254163faf528c27938130275	-	ol10_aarch64_appstream
	tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm	fd376f512e0e4542917e5aeabb69df1d2e859f76ed231b351779d3e9405223c6	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat9-9.0.87-5.el10_0.3.src.rpm	df55f1fb7a4c5b58eda7bda55dfbd690cc770aaff643bd8854701bbcdb833d1a	-	ol10_x86_64_appstream
	tomcat9-9.0.87-5.el10_0.3.noarch.rpm	e00723f6845710c2fafe549ccc350c1614c7f26d7f574bfc6229a26bc224d719	-	ol10_x86_64_appstream
	tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm	abe62a57b738f4f894727e5e520eb46000f4771fe45b2759aaea7e104fc62c5b	-	ol10_x86_64_appstream
	tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm	7ef9a6996ab412287c5b252a0cafe3bedbc5a3294b78c4e81538e225ffd82b48	-	ol10_x86_64_appstream
	tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm	b57353117c14ab5a60322d088c509506fd810c304c0915a61dba8565448d1848	-	ol10_x86_64_appstream
	tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm	4db07f3d799f7120659b5851fb1f5b7fd71e8a159c05286b1593d9785fd81479	-	ol10_x86_64_appstream
	tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm	30e571fdb03f002c8ca89ecd5e0c7d38058de92fa227ec73b1251b2385e484b6	-	ol10_x86_64_appstream
	tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm	1ba88f55391c06171065c352ff9928e73dd5c877254163faf528c27938130275	-	ol10_x86_64_appstream
	tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm	fd376f512e0e4542917e5aeabb69df1d2e859f76ed231b351779d3e9405223c6	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691