ELSA-2025-23049

ULN >
Oracle Linux Errata repository >
ELSA-2025-23049

ELSA-2025-23049 - tomcat security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-10

Description

[1:9.0.87-6.1]
- Resolves: RHEL-124518
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91753
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

Related CVEs

CVE-2025-31651

CVE-2025-55752

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tomcat-9.0.87-6.el9_7.1.src.rpm	e7ab2ac41e09578e8ead8e9db83eb00469d545595c8a77d3d39a73ca115cebf8	-	ol9_aarch64_appstream
	tomcat-9.0.87-6.el9_7.1.noarch.rpm	e5de6ed4497a0ca273c23b2b6dfa1e3b297da34d84a527723b860b2f62482c7d	-	ol9_aarch64_appstream
	tomcat-admin-webapps-9.0.87-6.el9_7.1.noarch.rpm	ea6c9c21d9c8bfe50d0926b1d076a0c0d84861e0cc8f4b55b5713fd6bd76229a	-	ol9_aarch64_appstream
	tomcat-docs-webapp-9.0.87-6.el9_7.1.noarch.rpm	20ea1ee365d55f6948cc5ba950f07b49d7eb6429d2097e01a3fcdec7f6abab6d	-	ol9_aarch64_appstream
	tomcat-el-3.0-api-9.0.87-6.el9_7.1.noarch.rpm	4273b0fc7e16d4f61481f62827a14be5547aa51208eb200372af89079b534d85	-	ol9_aarch64_appstream
	tomcat-jsp-2.3-api-9.0.87-6.el9_7.1.noarch.rpm	819e82fbadaa5262a32be7ab5beeff484ee303be54be343065ada69bbfb94dc6	-	ol9_aarch64_appstream
	tomcat-lib-9.0.87-6.el9_7.1.noarch.rpm	14a64a4554411a7b6f80c79c6138a76ded44b04e7b83377ca3289c0b07f33bc4	-	ol9_aarch64_appstream
	tomcat-servlet-4.0-api-9.0.87-6.el9_7.1.noarch.rpm	5db301028aca85dc259f67df1a38b2a2de387fe71bd604c25b3aa6bc44283601	-	ol9_aarch64_appstream
	tomcat-webapps-9.0.87-6.el9_7.1.noarch.rpm	e678940ea06505b7bee8739a45bdfbacbeb71b31aeaab39b30c7d84f0fd5faaa	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tomcat-9.0.87-6.el9_7.1.src.rpm	e7ab2ac41e09578e8ead8e9db83eb00469d545595c8a77d3d39a73ca115cebf8	-	ol9_x86_64_appstream
	tomcat-9.0.87-6.el9_7.1.noarch.rpm	e5de6ed4497a0ca273c23b2b6dfa1e3b297da34d84a527723b860b2f62482c7d	-	ol9_x86_64_appstream
	tomcat-admin-webapps-9.0.87-6.el9_7.1.noarch.rpm	ea6c9c21d9c8bfe50d0926b1d076a0c0d84861e0cc8f4b55b5713fd6bd76229a	-	ol9_x86_64_appstream
	tomcat-docs-webapp-9.0.87-6.el9_7.1.noarch.rpm	20ea1ee365d55f6948cc5ba950f07b49d7eb6429d2097e01a3fcdec7f6abab6d	-	ol9_x86_64_appstream
	tomcat-el-3.0-api-9.0.87-6.el9_7.1.noarch.rpm	4273b0fc7e16d4f61481f62827a14be5547aa51208eb200372af89079b534d85	-	ol9_x86_64_appstream
	tomcat-jsp-2.3-api-9.0.87-6.el9_7.1.noarch.rpm	819e82fbadaa5262a32be7ab5beeff484ee303be54be343065ada69bbfb94dc6	-	ol9_x86_64_appstream
	tomcat-lib-9.0.87-6.el9_7.1.noarch.rpm	14a64a4554411a7b6f80c79c6138a76ded44b04e7b83377ca3289c0b07f33bc4	-	ol9_x86_64_appstream
	tomcat-servlet-4.0-api-9.0.87-6.el9_7.1.noarch.rpm	5db301028aca85dc259f67df1a38b2a2de387fe71bd604c25b3aa6bc44283601	-	ol9_x86_64_appstream
	tomcat-webapps-9.0.87-6.el9_7.1.noarch.rpm	e678940ea06505b7bee8739a45bdfbacbeb71b31aeaab39b30c7d84f0fd5faaa	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691