ELSA-2025-14178

Опубликовано: 21 авг. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2025-14178: tomcat9 security update (IMPORTANT)

[1:9.0.87-5.3]

Resolves: tomcat: http/2 'MadeYouReset' DoS attack through HTTP/2 control frames (CVE-2025-48989)
Resolves: tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
Resolves: tomcat: Dos in multipart upload (CVE-2025-48988)
Resolves: tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
Resolves: tomcat: Denial of service (CVE-2025-52434)
Resolves: tomcat: Denial of service (CVE-2025-52520)
Resolves: tomcat: Denial of service (CVE-2025-53506)

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

tomcat9

9.0.87-5.el10_0.3

tomcat9-admin-webapps

9.0.87-5.el10_0.3

tomcat9-docs-webapp

9.0.87-5.el10_0.3

tomcat9-el-3.0-api

9.0.87-5.el10_0.3

tomcat9-jsp-2.3-api

9.0.87-5.el10_0.3

tomcat9-lib

9.0.87-5.el10_0.3

tomcat9-servlet-4.0-api

9.0.87-5.el10_0.3

tomcat9-webapps

9.0.87-5.el10_0.3

Oracle Linux x86_64

tomcat9

9.0.87-5.el10_0.3

tomcat9-admin-webapps

9.0.87-5.el10_0.3

tomcat9-docs-webapp

9.0.87-5.el10_0.3

tomcat9-el-3.0-api

9.0.87-5.el10_0.3

tomcat9-jsp-2.3-api

9.0.87-5.el10_0.3

tomcat9-lib

9.0.87-5.el10_0.3

tomcat9-servlet-4.0-api

9.0.87-5.el10_0.3

tomcat9-webapps

9.0.87-5.el10_0.3

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2025-14181

oracle-oval

12 дней назад

ELSA-2025-14181: tomcat security update (IMPORTANT)

ELSA-2025-14177

oracle-oval

12 дней назад

ELSA-2025-14177: tomcat security update (IMPORTANT)

ELSA-2025-14179

oracle-oval

10 дней назад

ELSA-2025-14179: tomcat security update (IMPORTANT)

SUSE-SU-2025:03024-1

suse-cvrf

3 дня назад

Security update for tomcat

ROS-20250826-08

CVSS3: 5.6

redos

6 дней назад

Множественные уязвимости tomcat