Description
Security update for tomcat
This update for tomcat fixes the following issues:
- CVE-2025-46701: Refactored CGI servlet to access resources via WebResources (bsc#1243815).
- CVE-2025-48988: Limited the total number of parts in a multi-part request and limited the size of the headers provided with each part (bsc#1244656).
- CVE-2025-49125: Expanded checks for webAppMount (bsc#1244649).
Package list
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
References
- Link for SUSE-SU-2025:02214-1
- E-Mail link for SUSE-SU-2025:02214-1
- SUSE Security Ratings
- SUSE Bug 1243815
- SUSE Bug 1244649
- SUSE Bug 1244656
- SUSE CVE CVE-2025-46701 page
- SUSE CVE CVE-2025-48988 page
- SUSE CVE CVE-2025-49125 page
Description
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.
Affected products
References
- CVE-2025-46701
- SUSE Bug 1243815
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Affected products
References
- CVE-2025-48988
- SUSE Bug 1244656
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Affected products
References
- CVE-2025-49125
- SUSE Bug 1244649