ELSA-2025-3683

Опубликовано: 08 апр. 2025

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2025-3683: tomcat security update (MODERATE)

[1:9.0.87-1.el8_10.3]

Resolves: RHEL-82934 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
Resolves: RHEL-71708 tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

tomcat

9.0.87-1.el8_10.3

tomcat-admin-webapps

9.0.87-1.el8_10.3

tomcat-docs-webapp

9.0.87-1.el8_10.3

tomcat-el-3.0-api

9.0.87-1.el8_10.3

tomcat-jsp-2.3-api

9.0.87-1.el8_10.3

tomcat-lib

9.0.87-1.el8_10.3

tomcat-servlet-4.0-api

9.0.87-1.el8_10.3

tomcat-webapps

9.0.87-1.el8_10.3

Oracle Linux x86_64

tomcat

9.0.87-1.el8_10.3

tomcat-admin-webapps

9.0.87-1.el8_10.3

tomcat-docs-webapp

9.0.87-1.el8_10.3

tomcat-el-3.0-api

9.0.87-1.el8_10.3

tomcat-jsp-2.3-api

9.0.87-1.el8_10.3

tomcat-lib

9.0.87-1.el8_10.3

tomcat-servlet-4.0-api

9.0.87-1.el8_10.3

tomcat-webapps

9.0.87-1.el8_10.3

Связанные CVE

CVE-2024-50379

CVE-2025-24813

Ссылки на источники

Связанные уязвимости

RLSA-2025:3683

rocky

7 дней назад

Moderate: tomcat security update

ELSA-2025-3645

oracle-oval

4 месяца назад

ELSA-2025-3645: tomcat security update (MODERATE)

CVE-2024-50379

CVSS3: 9.8

ubuntu

8 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CVE-2024-50379

CVSS3: 8.1

redhat

8 месяцев назад

CVE-2024-50379

CVSS3: 9.8

nvd

8 месяцев назад