ELSA-2025-14178

ELSA-2025-14178 - tomcat9 security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2025-08-21

Description


[1:9.0.87-5.3]
- Resolves: tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
- Resolves: tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: tomcat: Denial of service (CVE-2025-52434)
- Resolves: tomcat: Denial of service (CVE-2025-52520)
- Resolves: tomcat: Denial of service (CVE-2025-53506)


Related CVEs


CVE-2025-52520
CVE-2025-48989
CVE-2025-52434
CVE-2025-53506
CVE-2025-48988
CVE-2025-48976
CVE-2025-49125

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 10 (aarch64) | tomcat9-9.0.87-5.el10_0.3.src.rpm | df55f1fb7a4c5b58eda7bda55dfbd690cc770aaff643bd8854701bbcdb833d1a | - | ol10_aarch64_appstream |
| | tomcat9-9.0.87-5.el10_0.3.noarch.rpm | e00723f6845710c2fafe549ccc350c1614c7f26d7f574bfc6229a26bc224d719 | - | ol10_aarch64_appstream |
| | tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm | abe62a57b738f4f894727e5e520eb46000f4771fe45b2759aaea7e104fc62c5b | - | ol10_aarch64_appstream |
| | tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm | 7ef9a6996ab412287c5b252a0cafe3bedbc5a3294b78c4e81538e225ffd82b48 | - | ol10_aarch64_appstream |
| | tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm | b57353117c14ab5a60322d088c509506fd810c304c0915a61dba8565448d1848 | - | ol10_aarch64_appstream |
| | tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm | 4db07f3d799f7120659b5851fb1f5b7fd71e8a159c05286b1593d9785fd81479 | - | ol10_aarch64_appstream |
| | tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm | 30e571fdb03f002c8ca89ecd5e0c7d38058de92fa227ec73b1251b2385e484b6 | - | ol10_aarch64_appstream |
| | tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm | 1ba88f55391c06171065c352ff9928e73dd5c877254163faf528c27938130275 | - | ol10_aarch64_appstream |
| | tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm | fd376f512e0e4542917e5aeabb69df1d2e859f76ed231b351779d3e9405223c6 | - | ol10_aarch64_appstream |
| Oracle Linux 10 (x86_64) | tomcat9-9.0.87-5.el10_0.3.src.rpm | df55f1fb7a4c5b58eda7bda55dfbd690cc770aaff643bd8854701bbcdb833d1a | - | ol10_x86_64_appstream |
| | tomcat9-9.0.87-5.el10_0.3.noarch.rpm | e00723f6845710c2fafe549ccc350c1614c7f26d7f574bfc6229a26bc224d719 | - | ol10_x86_64_appstream |
| | tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm | abe62a57b738f4f894727e5e520eb46000f4771fe45b2759aaea7e104fc62c5b | - | ol10_x86_64_appstream |
| | tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm | 7ef9a6996ab412287c5b252a0cafe3bedbc5a3294b78c4e81538e225ffd82b48 | - | ol10_x86_64_appstream |
| | tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm | b57353117c14ab5a60322d088c509506fd810c304c0915a61dba8565448d1848 | - | ol10_x86_64_appstream |
| | tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm | 4db07f3d799f7120659b5851fb1f5b7fd71e8a159c05286b1593d9785fd81479 | - | ol10_x86_64_appstream |
| | tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm | 30e571fdb03f002c8ca89ecd5e0c7d38058de92fa227ec73b1251b2385e484b6 | - | ol10_x86_64_appstream |
| | tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm | 1ba88f55391c06171065c352ff9928e73dd5c877254163faf528c27938130275 | - | ol10_x86_64_appstream |
| | tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm | fd376f512e0e4542917e5aeabb69df1d2e859f76ed231b351779d3e9405223c6 | - | ol10_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.