Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
* tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
* apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
* tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* tomcat: Apache Tomcat denial of service (CVE-2025-52520)
* tomcat: Apache Tomcat denial of service (CVE-2025-52434)
* tomcat: Apache Tomcat denial of service (CVE-2025-53506)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| noarch |
tomcat-jsp-2.3-api-9.0.87-3.el9_6.3.noarch.rpm |
3d1b2f60c937138eabe2a357da202ce1e61407aaf1616e6636ffdb263d80eeff |
| noarch |
tomcat-admin-webapps-9.0.87-3.el9_6.3.noarch.rpm |
557fd1368406aa21877f8e8d659b54ca1dd55cb657555f0672c46c69ae0fd2d4 |
| noarch |
tomcat-el-3.0-api-9.0.87-3.el9_6.3.noarch.rpm |
55d082d20841c00e2b3d849f9bc6bc808658ec95f9c55afd25f9ef4a890a6c6e |
| noarch |
tomcat-lib-9.0.87-3.el9_6.3.noarch.rpm |
60dc40355b5199b744c4e87c95aea98eef6b463881fb693fcdf9a5cff1e8fbe9 |
| noarch |
tomcat-docs-webapp-9.0.87-3.el9_6.3.noarch.rpm |
8eb1f3d95d9f23b78e0d9c85b4fb6e5b9a81c47c74e5aac9045745ac9811aa28 |
| noarch |
tomcat-9.0.87-3.el9_6.3.noarch.rpm |
9238596ca9828174c3c53c5045a85daad045caa5c2f5bebe482aaaafb2f01a33 |
| noarch |
tomcat-servlet-4.0-api-9.0.87-3.el9_6.3.noarch.rpm |
927f314c3f4a4cdf02014141604408eea896e608ce5cb8e84c4701181bafb6b6 |
| noarch |
tomcat-webapps-9.0.87-3.el9_6.3.noarch.rpm |
e7004fac42215d59539ca6924f81d84a43afaf93ca89f3a4e773f49e2682545a |
