[ALSA-2025:23049] Important: tomcat security update
Type:
security
Severity:
important
Release date:
2025-12-17
Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651) * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
noarch tomcat-webapps-9.0.87-6.el9_7.1.noarch.rpm 042554fe7afabe09276b1305abf50e78f75a9609f790479647d629d727a576dc
noarch tomcat-9.0.87-6.el9_7.1.noarch.rpm 743c7841f36b95beb9dbcde26837da06819a5019f6670219fc7a646489448e11
noarch tomcat-jsp-2.3-api-9.0.87-6.el9_7.1.noarch.rpm 76cb4ffb4eb97a09c9cef86ca036e2b88d29aa94ada18ce6635fffda4ecaa81c
noarch tomcat-lib-9.0.87-6.el9_7.1.noarch.rpm 942047935da08addb54d45219557320d0cd24f1482b6925cbdda4a2b046e6a90
noarch tomcat-docs-webapp-9.0.87-6.el9_7.1.noarch.rpm c5697771592ec914240d11f052f4c535546182c352a02e37d58cba7c4ba44b4f
noarch tomcat-el-3.0-api-9.0.87-6.el9_7.1.noarch.rpm de3401154ba76a426408986737cced54f5d01cabf3f2f49fa8bde03b7b4ef6a0
noarch tomcat-admin-webapps-9.0.87-6.el9_7.1.noarch.rpm e54e22787bbfa9c1bc1183daf0620641e601542ab4e10dd85c4c2209a923f831
noarch tomcat-servlet-4.0-api-9.0.87-6.el9_7.1.noarch.rpm ed13f327020324dcc7aaef5dd4512d55cbf108e9c69b959a3aa63f1de6fb189b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.