ROOT-APP-MAVEN-CVE-2025-48989 CVE-2025-48989 in io.root.org.apache.tomcat:tomcat-coyote - Patched by Root

Root has patched CVE-2025-48989 in the io.root.org.apache.tomcat:tomcat-coyote package for Root:Maven. Multiple fixed versions available...

MiracleLinux 9 : tomcat-9.0.87-3.el9_6.3 (AXSA:2025-10779:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10779:06 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-4912...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.10)

The version of AOS installed on the remote host is prior to 7.0.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.10 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.11)

The version of AOS installed on the remote host is prior to 6.10.1.11. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.11 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...

TencentOS Server 3: tomcat (TSSA-2025:0797)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Advisory ROSA-SA-2025-3033

software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-14 affected versions tomcat-9.0.37-14 CVE-ID: CVE-2025-48989 BDU-ID: 2025-09899 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HTTP2 handler of the Apache Tomcat application server is related to incorrect resource...

tomcat9 security update

An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference...

Important: tomcat10

Issue Overview: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also...

CLSA-2025-1757011448 tomcat: Fix of CVE-2025-48989

CVE-2025-48989: fix improper resource shutdown vulnerability to prevent reset attack...

Important: tomcat

Issue Overview: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:03006-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03006-1 advisory. Updated to Tomcat 10.1.44: - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc12438...

Security update for tomcat10

This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.44: CVE-2025-48989: Fixed "MadeYouReset" DoS in HTTP/2 due to client triggered stream reset bsc1243895 Other fixes: Catalina Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one or...

SUSE-SU-2025:02992-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc1243895 Other fixes: Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one ...

Alibaba Cloud Linux 3 : 0142: tomcat (ALINUX3-SA-2025:0142)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0142 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-48976: Allocation of resources fo...

CVE-2025-48989

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

CVE-2025-48989

creationtimestamp| type| source ---|---|--- 2025-08-13 11:07:45+00:00| seen| https://seclists.org/oss-sec/2025/q3/95 2025-08-13 13:35:31+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwbwxk3ea727 2025-08-13 22:56:50+00:00| seen|...

KLA86659 DoS vulnerability in Apache Tomcat

Denial of service vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Fixed in Apache Tomcat 9.0.108 Related products Apache-Tomcat CVE list CVE-2025-48989 critical Solution Update to the latest version Tomcat 9....

Fixed in Apache Tomcat 11.0.10

Important: DoS in HTTP/2 due to client triggered stream reset CVE-2025-48989 Tomcat's HTTP/2 implementation was vulnerable to the made you reset attack. The denial of service typically manifested as an OutOfMemoryError. This was fixed with commit f362c8eb. This issue was reported to the ASF...