Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-11335

Опубликовано: 16 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2025-11335: tomcat security update (IMPORTANT)

[1:9.0.87-3.el9_6.1]

  • Resolves: RHEL-91765 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
  • Resolves: RHEL-71981 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

[1:9.0.87-3]

  • Resolves: RHEL-82945 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
  • Resolves: RHEL-71723 tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

tomcat

9.0.87-3.el9_6.1

tomcat-admin-webapps

9.0.87-3.el9_6.1

tomcat-docs-webapp

9.0.87-3.el9_6.1

tomcat-el-3.0-api

9.0.87-3.el9_6.1

tomcat-jsp-2.3-api

9.0.87-3.el9_6.1

tomcat-lib

9.0.87-3.el9_6.1

tomcat-servlet-4.0-api

9.0.87-3.el9_6.1

tomcat-webapps

9.0.87-3.el9_6.1

Oracle Linux x86_64

tomcat

9.0.87-3.el9_6.1

tomcat-admin-webapps

9.0.87-3.el9_6.1

tomcat-docs-webapp

9.0.87-3.el9_6.1

tomcat-el-3.0-api

9.0.87-3.el9_6.1

tomcat-jsp-2.3-api

9.0.87-3.el9_6.1

tomcat-lib

9.0.87-3.el9_6.1

tomcat-servlet-4.0-api

9.0.87-3.el9_6.1

tomcat-webapps

9.0.87-3.el9_6.1

Связанные CVE

CVE-2025-31650
CVE-2024-56337

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2025-11333

oracle-oval
21 день назад

ELSA-2025-11333: tomcat security update (IMPORTANT)

oracle-oval логотип

ELSA-2025-11332

oracle-oval
20 дней назад

ELSA-2025-11332: tomcat9 security update (IMPORTANT)

ubuntu логотип

CVE-2025-31650

CVSS3: 7.5
ubuntu
3 месяца назад

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

redhat логотип

CVE-2025-31650

CVSS3: 7.5
redhat
3 месяца назад

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.

nvd логотип

CVE-2025-31650

CVSS3: 7.5
nvd
3 месяца назад

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.