Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
* tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
* apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
* tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* tomcat: Apache Tomcat denial of service (CVE-2025-52520)
* tomcat: Apache Tomcat denial of service (CVE-2025-52434)
* tomcat: Apache Tomcat denial of service (CVE-2025-53506)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm |
07892dbc5479ed243d03dae1a2858b2b4368a52f9f2e1ac4617d6fc51a8714d3 |
| noarch |
tomcat-9.0.87-1.el8_10.6.noarch.rpm |
1017a453e566533f3140e5676e8813ebcbc6d193040d2f206d03be14678fcf09 |
| noarch |
tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm |
196a5a44c831e80bec8605d34c2c8726e2ca0cef4cd959e91619ba345e4f66ea |
| noarch |
tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm |
3b7fe6c85b79458899844aefd2b0e27a0a9cc021442c5b739bb8dcfaa30c8d68 |
| noarch |
tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm |
610b96a539f76051e9c829d71aeff3f1ca9a3cb7bd1f9488889325f01b65ef27 |
| noarch |
tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm |
66e7e89c150ef81d94ca70dac6fcdd9445efc45e6ffeb8892c63233e7a01f8e5 |
| noarch |
tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm |
c94172c02f2165713ec51362ab75f373c9b5ceea5e31b9771334c240ce188210 |
| noarch |
tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm |
f4e9ae85e92ee3dca2309f341e712423e9bf3da7aa66a219833683933165cd9d |
