pki-servlet-engine-9.0.50-1.el9_2.2

Errata ID: AXSA:2025-10718:01

Release date: 
Friday, August 8, 2025 - 18:15
Subject: 
pki-servlet-engine-9.0.50-1.el9_2.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Tomcat is the servlet engine that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies. The Java
Servlet and JavaServer Pages specifications are developed by Sun under the Java
Community Process. Tomcat is developed in an open and participatory environment
and released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

Security Fix(es):

* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2024-50379
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition
occurs during JSP compilation on case-insensitive file systems when the default
servlet is enabled for writing. This vulnerability allows an uploaded file to be
treated as a JSP and executed, resulting in remote code execution.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. pki-servlet-engine-9.0.50-1.el9_2.2.src.rpm
    MD5: fd20334de7dc2b50ea126cb58a67b5ae
    SHA-256: c1e2150e0acb473391b1bfd5dbf71f65b3ea501b421cd8be4526c9c983f50dec
    Size: 14.17 MB

Asianux Server 9 for x86_64
  1. pki-servlet-4.0-api-9.0.50-1.el9_2.2.noarch.rpm
    MD5: 04e69c68df04f6efa38081b8c8ff477a
    SHA-256: 3244cf36c8247356a0ad6fc9ed596c89861636613363e8d27eacc24fea2b5e34
    Size: 280.11 kB
  2. pki-servlet-engine-9.0.50-1.el9_2.2.noarch.rpm
    MD5: 413d08e8bfae5de37718fdf7415958c8
    SHA-256: 16e952702e736af903a424368d1143f94bb697fb52d54c125f6b2f3549c1db18
    Size: 5.52 MB