ELSA-2025-23052

ULN >
Oracle Linux Errata repository >
ELSA-2025-23052

ELSA-2025-23052 - tomcat9 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-12-10

Description

[1:9.0.87-8.1]
- Resolves: RHEL-124497
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-91732
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

Related CVEs

CVE-2025-31651

CVE-2025-55752

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	tomcat9-9.0.87-8.el10_1.1.src.rpm	a5a8ab01780c51f7fd5d939969c8e8e799dce47be94781ed993d898f26505127	-	ol10_aarch64_appstream
	tomcat9-9.0.87-8.el10_1.1.noarch.rpm	cbc8d751446ad73dca472c0c356613f3ce2fc22f006be63d530261b253579e51	-	ol10_aarch64_appstream
	tomcat9-admin-webapps-9.0.87-8.el10_1.1.noarch.rpm	0cee2a49e4a30306e684bd694d6fe9588f0e4cfb298cd793064218d381141090	-	ol10_aarch64_appstream
	tomcat9-docs-webapp-9.0.87-8.el10_1.1.noarch.rpm	b18a994bc9e227c21cafd85bee382be75b094719f1430b47ef01ad7901cd6c1d	-	ol10_aarch64_appstream
	tomcat9-el-3.0-api-9.0.87-8.el10_1.1.noarch.rpm	ba0cb4d30d7fa3befdaf973ee91a88ff04e98c15d2b3b6abf3d7ea2b7fa3fb8f	-	ol10_aarch64_appstream
	tomcat9-jsp-2.3-api-9.0.87-8.el10_1.1.noarch.rpm	b2fce617165703bbc9d8116a91c69ccb9ac0abca0f7fec9a4b86ae671b8ed7e5	-	ol10_aarch64_appstream
	tomcat9-lib-9.0.87-8.el10_1.1.noarch.rpm	d4d2d5cd7d1616a70811e411ec817ad707477ec440429fca7981770700645db9	-	ol10_aarch64_appstream
	tomcat9-servlet-4.0-api-9.0.87-8.el10_1.1.noarch.rpm	a43e0ef9da9c24c0df4d052a53706ee3d634197fb3ad8767942721563ebf9c95	-	ol10_aarch64_appstream
	tomcat9-webapps-9.0.87-8.el10_1.1.noarch.rpm	3ea4a1e2820cf9cadef08bfc09f56c6201d16e512084f1ba94027f808a53e565	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	tomcat9-9.0.87-8.el10_1.1.src.rpm	a5a8ab01780c51f7fd5d939969c8e8e799dce47be94781ed993d898f26505127	-	ol10_x86_64_appstream
	tomcat9-9.0.87-8.el10_1.1.noarch.rpm	cbc8d751446ad73dca472c0c356613f3ce2fc22f006be63d530261b253579e51	-	ol10_x86_64_appstream
	tomcat9-admin-webapps-9.0.87-8.el10_1.1.noarch.rpm	0cee2a49e4a30306e684bd694d6fe9588f0e4cfb298cd793064218d381141090	-	ol10_x86_64_appstream
	tomcat9-docs-webapp-9.0.87-8.el10_1.1.noarch.rpm	b18a994bc9e227c21cafd85bee382be75b094719f1430b47ef01ad7901cd6c1d	-	ol10_x86_64_appstream
	tomcat9-el-3.0-api-9.0.87-8.el10_1.1.noarch.rpm	ba0cb4d30d7fa3befdaf973ee91a88ff04e98c15d2b3b6abf3d7ea2b7fa3fb8f	-	ol10_x86_64_appstream
	tomcat9-jsp-2.3-api-9.0.87-8.el10_1.1.noarch.rpm	b2fce617165703bbc9d8116a91c69ccb9ac0abca0f7fec9a4b86ae671b8ed7e5	-	ol10_x86_64_appstream
	tomcat9-lib-9.0.87-8.el10_1.1.noarch.rpm	d4d2d5cd7d1616a70811e411ec817ad707477ec440429fca7981770700645db9	-	ol10_x86_64_appstream
	tomcat9-servlet-4.0-api-9.0.87-8.el10_1.1.noarch.rpm	a43e0ef9da9c24c0df4d052a53706ee3d634197fb3ad8767942721563ebf9c95	-	ol10_x86_64_appstream
	tomcat9-webapps-9.0.87-8.el10_1.1.noarch.rpm	3ea4a1e2820cf9cadef08bfc09f56c6201d16e512084f1ba94027f808a53e565	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691