RockyLinux 10 : tomcat (RLSA-2026:18537)

🗓️ 03 Jun 2026 00:00:00Reported by TenableType

RockyLinux 10 hosts have Tomcat vulnerabilities per advisory RLSA-2026:18537.

Reporter	Title	Published	Views	Family All 360
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.	24 Mar 202613:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	9 Dec 202515:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4	23 Apr 202612:28	–	ibm
IBM Security Bulletins	Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1	15 May 202615:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)	27 Feb 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Handling of Case Sensitivity in Apache Tomcat [CVE-2025-46701]	28 Aug 202517:11	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management	10 Apr 202614:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)	18 Nov 202515:30	–	ibm

Source	Link
errata	www.errata.rockylinux.org/RLSA-2026:18537
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2026:18537.
##

include('compat.inc');

if (description)
{
  script_id(318307);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/03");

  script_cve_id("CVE-2025-46701", "CVE-2025-55668", "CVE-2025-55754");
  script_xref(name:"RLSA", value:"2026:18537");

  script_name(english:"RockyLinux 10 : tomcat (RLSA-2026:18537)");

  script_set_attribute(attribute:"synopsis", value:
"The remote RockyLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2026:18537 advisory.

    * tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)

    * org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
    (CVE-2025-55668)

    * org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2026:18537");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2388226");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2406590");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2369253");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/U:Clear");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-55754");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-46701");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-admin-webapps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-docs-webapp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-el-5.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-jsp-3.1-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-lib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-servlet-6.0-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:tomcat-webapps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Rocky Linux' >!< os_product) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
if (! preg(pattern:"^10([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'RockyLinux 10.x', 'Rocky Linux ' + os_version);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var constraints = [
  {
    'release': '10',
    'pkgs': [
      {'reference':'tomcat-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-admin-webapps-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-docs-webapp-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-el-5.0-api-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-jsp-3.1-api-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-lib-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-servlet-6.0-api-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'tomcat-webapps-10.1.49-1.el10_2.1', 'el_string':'el10_2', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc');
}

03 Jun 2026 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 3.19.6

EPSS0.00135

SSVC