[Apollo] Advisories Statistics light light Login

RLSA-2025:23049

Security Mirrored from RHSA-2025:23049
Issued at: 2025-12-11
Updated at: 2025-12-25

Synopsis

Important: tomcat security update



Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)

* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 9 aarch64 Rocky Linux 9 ppc64le Rocky Linux 9 s390x Rocky Linux 9 x86_64

Fixes

2362782 2406591

CVEs

CVE-2025-31651 CVE-2025-55752

Affected packages

Rocky Linux 9 x86_64 - AppStream

tomcat-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-1:9.0.87-6.el9_7.1.src.rpm tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-lib-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-webapps-1:9.0.87-6.el9_7.1.noarch.rpm

Rocky Linux 9 aarch64 - AppStream

tomcat-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-1:9.0.87-6.el9_7.1.src.rpm tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-lib-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-webapps-1:9.0.87-6.el9_7.1.noarch.rpm

Rocky Linux 9 s390x - AppStream

tomcat-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-1:9.0.87-6.el9_7.1.src.rpm tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-lib-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-webapps-1:9.0.87-6.el9_7.1.noarch.rpm

Rocky Linux 9 ppc64le - AppStream

tomcat-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-1:9.0.87-6.el9_7.1.src.rpm tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-lib-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch.rpm tomcat-webapps-1:9.0.87-6.el9_7.1.noarch.rpm