[ALSA-2025:23048] Important: tomcat security update
Type:
security
Severity:
important
Release date:
2025-12-11
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651) * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-docs-webapp-9.0.87-1.el8_10.7.noarch.rpm 210f3e89deb15ab6eb383cde8c42a20134b92bd8797a9073804d44ac19ef759f
noarch tomcat-lib-9.0.87-1.el8_10.7.noarch.rpm 38b98a3f1e3bbf95d77f766442b3e5802eac66a89c6e11d0abccf1ff5f4bbed4
noarch tomcat-el-3.0-api-9.0.87-1.el8_10.7.noarch.rpm 55c6e9ca55b3ceffe02bbc13b5769359c737fc62a0d0ab422d4e060df2d442b3
noarch tomcat-servlet-4.0-api-9.0.87-1.el8_10.7.noarch.rpm 58d74ffd1d8b384a07ee6d681db79c4bc1f63f3cbf3e9833ebda05a22b24a127
noarch tomcat-jsp-2.3-api-9.0.87-1.el8_10.7.noarch.rpm 78e877fb894340c7243a12b5f6c27663933c36ef6d8b21f4164579cb030443ae
noarch tomcat-9.0.87-1.el8_10.7.noarch.rpm a8497857fa2af3716142a83dba11e2862dd550c76430fa4384a0afcb53557bff
noarch tomcat-admin-webapps-9.0.87-1.el8_10.7.noarch.rpm c10358e6587ddb87ef7f214d87adb4548a5997e45971cfbb6ef63967b231d31b
noarch tomcat-webapps-9.0.87-1.el8_10.7.noarch.rpm fb5087d0d235df266c90565f5bbe140fdacc3b9741230fe7a57d68f0f4a4064a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.