ELSA-2025-14179

ELSA-2025-14179 - tomcat security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2025-08-22

Description


[1:10.1.36-1.2]
- tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
- tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
- tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
- tomcat: Apache Tomcat denial of service (CVE-2025-52520)
- tomcat: Apache Tomcat denial of service (CVE-2025-53506)


Related CVEs


CVE-2025-52520
CVE-2025-49125
CVE-2025-48989
CVE-2025-48988
CVE-2025-53506
CVE-2025-48976

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 10 (aarch64) | tomcat-10.1.36-1.el10_0.2.src.rpm | 2407d3bc1b8efd14613a49dde9536d55d47e96f222394124510c2c6777d65c33 | - | ol10_aarch64_appstream |
| | tomcat-10.1.36-1.el10_0.2.noarch.rpm | 1947fbb71b58133e8a887ea74ded7be51102f744a52ac306f1f830d3d4895e96 | - | ol10_aarch64_appstream |
| | tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm | 6689b498e20b33413d71c69d5bc0e448096f77d516f7aabbb2678381870f4132 | - | ol10_aarch64_appstream |
| | tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm | eb004a70922a28c2cd0d57a68666736d1018e7f595b7c267140d980519c3dd60 | - | ol10_aarch64_appstream |
| | tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm | 73ca4cbbf2de5317e33223ef5eb069945b0a3e23bf32ccc11c062bc10b8e4632 | - | ol10_aarch64_appstream |
| | tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm | dc5f086b51914dce17eaca4bf5f586eb275786a0719f014d94b65fa06e35ff17 | - | ol10_aarch64_appstream |
| | tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm | 775c41f90b1cf955919fa65554e094694f5b08892db49f1310604e1dbd9e6bec | - | ol10_aarch64_appstream |
| | tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm | d291a40d82c25121edb84de12817a1540ed91d4a4778889fb779a6b115130299 | - | ol10_aarch64_appstream |
| | tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm | 22e04c5bdad847ab6cb2eff5eae8d7b220759bdb31cbac016de6d1b944a4166d | - | ol10_aarch64_appstream |
| Oracle Linux 10 (x86_64) | tomcat-10.1.36-1.el10_0.2.src.rpm | 2407d3bc1b8efd14613a49dde9536d55d47e96f222394124510c2c6777d65c33 | - | ol10_x86_64_appstream |
| | tomcat-10.1.36-1.el10_0.2.noarch.rpm | 1947fbb71b58133e8a887ea74ded7be51102f744a52ac306f1f830d3d4895e96 | - | ol10_x86_64_appstream |
| | tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm | 6689b498e20b33413d71c69d5bc0e448096f77d516f7aabbb2678381870f4132 | - | ol10_x86_64_appstream |
| | tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm | eb004a70922a28c2cd0d57a68666736d1018e7f595b7c267140d980519c3dd60 | - | ol10_x86_64_appstream |
| | tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm | 73ca4cbbf2de5317e33223ef5eb069945b0a3e23bf32ccc11c062bc10b8e4632 | - | ol10_x86_64_appstream |
| | tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm | dc5f086b51914dce17eaca4bf5f586eb275786a0719f014d94b65fa06e35ff17 | - | ol10_x86_64_appstream |
| | tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm | 775c41f90b1cf955919fa65554e094694f5b08892db49f1310604e1dbd9e6bec | - | ol10_x86_64_appstream |
| | tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm | d291a40d82c25121edb84de12817a1540ed91d4a4778889fb779a6b115130299 | - | ol10_x86_64_appstream |
| | tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm | 22e04c5bdad847ab6cb2eff5eae8d7b220759bdb31cbac016de6d1b944a4166d | - | ol10_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
