Описание
ELSA-2025-14177: tomcat security update (IMPORTANT)
[1:9.0.87-1.el8_10.6]
- Resolves: RHEL-102193 tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
[1:9.0.87-1.el8_10.5]
- Resolves: RHEL-108486 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108494 tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108502 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108510 tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108524 tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108518 tomcat: Denial of service (CVE-2025-53506)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
tomcat
9.0.87-1.el8_10.6
tomcat-admin-webapps
9.0.87-1.el8_10.6
tomcat-docs-webapp
9.0.87-1.el8_10.6
tomcat-el-3.0-api
9.0.87-1.el8_10.6
tomcat-jsp-2.3-api
9.0.87-1.el8_10.6
tomcat-lib
9.0.87-1.el8_10.6
tomcat-servlet-4.0-api
9.0.87-1.el8_10.6
tomcat-webapps
9.0.87-1.el8_10.6
Oracle Linux x86_64
tomcat
9.0.87-1.el8_10.6
tomcat-admin-webapps
9.0.87-1.el8_10.6
tomcat-docs-webapp
9.0.87-1.el8_10.6
tomcat-el-3.0-api
9.0.87-1.el8_10.6
tomcat-jsp-2.3-api
9.0.87-1.el8_10.6
tomcat-lib
9.0.87-1.el8_10.6
tomcat-servlet-4.0-api
9.0.87-1.el8_10.6
tomcat-webapps
9.0.87-1.el8_10.6
Ссылки на источники
Связанные уязвимости
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.