ELSA-2025-23048

ULN >
Oracle Linux Errata repository >
ELSA-2025-23048

ELSA-2025-23048 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-10

Description

[1:9.0.87-1.7]
- Resolves: RHEL-124507
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91743
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

Related CVEs

CVE-2025-31651

CVE-2025-55752

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	tomcat-9.0.87-1.el8_10.7.src.rpm	c995b123a4cac5e0322413cba96bcca39da4349bd37df1dc279466c0582c7cbe	-	ol8_aarch64_appstream
	tomcat-9.0.87-1.el8_10.7.noarch.rpm	00914f86aae19a97b15d4c034b9b3b0e414e181f8dd6a4a1f9bd61ad5a142a60	-	ol8_aarch64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.7.noarch.rpm	587fc7eab5d309174ea945ce7f0822e08da727a9cd0a01fa77543f662c66440e	-	ol8_aarch64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.7.noarch.rpm	0858fe0ae109a8bf8f577e1f263ba4f54c23ae4c65722860f5a5fca82d3aa5a9	-	ol8_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.7.noarch.rpm	534f77a39a6bf8f6e91e97ee9f11fd3bd5fbb71f243d96d43b34dd55b4d67aad	-	ol8_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.7.noarch.rpm	5c0cf425e857d418e92ed60ac11b4be3caacddbabd6fe7f598eca334c3166416	-	ol8_aarch64_appstream
	tomcat-lib-9.0.87-1.el8_10.7.noarch.rpm	e9104d439b9b8d0f6f4b1a65cf8fde8804f6d8b51be831bab4082b89ad60c5eb	-	ol8_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.7.noarch.rpm	ece7dfd25b1fbd1f536d9adab1c8ca1e7280fc1fc67575aafe6eda249547a9bc	-	ol8_aarch64_appstream
	tomcat-webapps-9.0.87-1.el8_10.7.noarch.rpm	72d28644bf5e9fd50c8e6a99fd415963071037120f850f2e85692bec5205e0c9	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	tomcat-9.0.87-1.el8_10.7.src.rpm	c995b123a4cac5e0322413cba96bcca39da4349bd37df1dc279466c0582c7cbe	-	ol8_x86_64_appstream
	tomcat-9.0.87-1.el8_10.7.noarch.rpm	00914f86aae19a97b15d4c034b9b3b0e414e181f8dd6a4a1f9bd61ad5a142a60	-	ol8_x86_64_appstream
	tomcat-admin-webapps-9.0.87-1.el8_10.7.noarch.rpm	587fc7eab5d309174ea945ce7f0822e08da727a9cd0a01fa77543f662c66440e	-	ol8_x86_64_appstream
	tomcat-docs-webapp-9.0.87-1.el8_10.7.noarch.rpm	0858fe0ae109a8bf8f577e1f263ba4f54c23ae4c65722860f5a5fca82d3aa5a9	-	ol8_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-1.el8_10.7.noarch.rpm	534f77a39a6bf8f6e91e97ee9f11fd3bd5fbb71f243d96d43b34dd55b4d67aad	-	ol8_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-1.el8_10.7.noarch.rpm	5c0cf425e857d418e92ed60ac11b4be3caacddbabd6fe7f598eca334c3166416	-	ol8_x86_64_appstream
	tomcat-lib-9.0.87-1.el8_10.7.noarch.rpm	e9104d439b9b8d0f6f4b1a65cf8fde8804f6d8b51be831bab4082b89ad60c5eb	-	ol8_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-1.el8_10.7.noarch.rpm	ece7dfd25b1fbd1f536d9adab1c8ca1e7280fc1fc67575aafe6eda249547a9bc	-	ol8_x86_64_appstream
	tomcat-webapps-9.0.87-1.el8_10.7.noarch.rpm	72d28644bf5e9fd50c8e6a99fd415963071037120f850f2e85692bec5205e0c9	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691