17 matches found
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
[SECURITY] [DLA 4468-1] tomcat9 security update
Debian LTS Advisory DLA-4468-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 05, 2026 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.107-0+deb11u2 CVE ID : CVE-2025-55752 CVE-2025-55754 CVE-2025-61795 Several security vulnerabilities have...
MiracleLinux 9 : tomcat-9.0.87-6.el9_7.1 (AXSA:2025-11556:10)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11556:10 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversa...
CLSA-2025-1765903038 tomcat: Fix of CVE-2025-55752
CVE-2025-55752: fix relative path traversal vulnerability by normalizing rewritten URLs before decoding to prevent bypassing security constraints and potential remote code execution via PUT requests...
Alibaba Cloud Linux 3 : 0193: tomcat (ALINUX3-SA-2025:0193)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0193 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-31651: Improper Neutralization of...
AlmaLinux 8 : tomcat (ALSA-2025:23048)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23048 advisory. tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve CVE-2025-31651 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via...
Oracle Linux 10 : tomcat9 (ELSA-2025-23052)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23052 advisory. - Resolves: RHEL-124497 tomcat: Directory traversal via rewrite with possible RCE CVE-2025-55752 Tenable has extracted the preceding description bloc...
RHEL 8 : tomcat (RHSA-2025:23045)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23045 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...
SUSE: Security Advisory (SUSE-SU-2025:4184-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2025:4103-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2025:4103-1)
The remote host is missing an update for the...
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2025-023 (ALASTOMCAT9-2025-023)
The version of tomcat installed on the remote host is prior to 9.0.110-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-023 advisory. Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives ...
OESA-2025-2560 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
Apache Tomcat Directory Traversal Vulnerability (Oct 2025) - Linux
Apache Tomcat is prone to a directory traversal vulnerability.
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...