Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-3645

Опубликовано: 07 апр. 2025
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2025-3645: tomcat security update (MODERATE)

[1:9.0.87-2.el9_5.1]

  • Resolves: RHEL-82946 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
  • Resolves: RHEL-71719 tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

tomcat

9.0.87-2.el9_5.1

tomcat-admin-webapps

9.0.87-2.el9_5.1

tomcat-docs-webapp

9.0.87-2.el9_5.1

tomcat-el-3.0-api

9.0.87-2.el9_5.1

tomcat-jsp-2.3-api

9.0.87-2.el9_5.1

tomcat-lib

9.0.87-2.el9_5.1

tomcat-servlet-4.0-api

9.0.87-2.el9_5.1

tomcat-webapps

9.0.87-2.el9_5.1

Oracle Linux x86_64

tomcat

9.0.87-2.el9_5.1

tomcat-admin-webapps

9.0.87-2.el9_5.1

tomcat-docs-webapp

9.0.87-2.el9_5.1

tomcat-el-3.0-api

9.0.87-2.el9_5.1

tomcat-jsp-2.3-api

9.0.87-2.el9_5.1

tomcat-lib

9.0.87-2.el9_5.1

tomcat-servlet-4.0-api

9.0.87-2.el9_5.1

tomcat-webapps

9.0.87-2.el9_5.1

Связанные CVE

Связанные уязвимости

oracle-oval
4 месяца назад

ELSA-2025-3683: tomcat security update (MODERATE)

CVSS3: 9.8
ubuntu
8 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVSS3: 8.1
redhat
8 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVSS3: 9.8
nvd
8 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVSS3: 9.8
debian
8 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during ...