Astra Linux - уязвимость в tomcat9

🗓️ 03 May 2026 23:59:50Reported by AstraLinuxType

Tomcat9 resource allocation vulnerability; affects 11.0.0–11.0.7, 10.1.0–10.1.41, and 9.0.0–9.0.105; upgrade to 11.0.8, 10.1.42, or 9.0.106.

Reporter	Title	Published	Views	Family All 239
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.	9 Jul 202507:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)	17 Jul 202518:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-48988, CVE-2025-49125 & CVE-2025-48976 )	14 Aug 202511:30	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities related to tomcat-embed-core library in IBM Business Automation Manager Open Editions.	4 Jul 202508:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Authentication Bypass, and improper allocation of resources in Apache Tomcat [CVE-2025-49125, CVE-2025-48976, CVE-2025-48988]	28 Aug 202521:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	15 Jul 202515:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	25 Sep 202511:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.	12 Aug 202509:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar	26 Aug 202517:51	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Astra Linux	1.7	x86-64	libtomcat9-embed-java	0:9.0.107-0+deb11u1.astra1	libtomcat9-embed-java_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	libtomcat9-java	0:9.0.107-0+deb11u1.astra1	libtomcat9-java_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	tomcat9	0:9.0.107-0+deb11u1.astra1	tomcat9_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	tomcat9-admin	0:9.0.107-0+deb11u1.astra1	tomcat9-admin_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	tomcat9-common	0:9.0.107-0+deb11u1.astra1	tomcat9-common_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	tomcat9-docs	0:9.0.107-0+deb11u1.astra1	tomcat9-docs_0:9.0.107-0+deb11u1.astra1_x86-64.deb
Astra Linux	1.7	x86-64	tomcat9-user	0:9.0.107-0+deb11u1.astra1	tomcat9-user_0:9.0.107-0+deb11u1.astra1_x86-64.deb

Source	Link
bdu	www.bdu.fstec.ru/vul/2025-07526
cve	www.cve.org/CVERecord

03 May 2026 23:59Current

7High risk

Vulners AI Score7

CVSS 37.5

CVSS 3.17.5

EPSS0.00759

SSVC