tomcat-9.0.87-6.el9_7.1

Errata ID: AXSA:2025-11556:10

Release date: 
Thursday, December 18, 2025 - 21:47
Subject: 
tomcat-9.0.87-6.el9_7.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
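
The ordering problem described for CVE-2025-55752, shown as an added example (not Tomcat's code and not part of the advisory): a simplified model of why a prefix check on /WEB-INF/ and /META-INF/ only holds when decoding happens before normalization. The function names, the prefix check and the sample paths are constructed assumptions.

```python
from urllib.parse import unquote

PROTECTED = ("/WEB-INF", "/META-INF")  # directories named in the advisory

def normalize(path: str) -> str:
    """Collapse '.', '..' and empty segments; never climb above '/'."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)

def is_protected(path: str) -> bool:
    """Simplified prefix check (assumption, not Tomcat's implementation)."""
    p = path.upper()
    return any(p == d or p.startswith(d + "/") for d in PROTECTED)

def regressed(raw: str) -> str:
    """Order described as the regression: normalize first, decode second."""
    return unquote(normalize(raw))

def fixed(raw: str) -> str:
    """Corrected order: decode first, normalize second."""
    return normalize(unquote(raw))

def check_bypassed(raw: str) -> bool:
    """True when the regressed order lets a path past the prefix check
    although it later resolves into a protected directory."""
    seen_by_check = regressed(raw)
    resolved = normalize(seen_by_check)  # what resource lookup ends up with
    return not is_protected(seen_by_check) and is_protected(resolved)

# Constructed sample paths (not taken from the advisory)
SAMPLES = [
    "/app/index.jsp",
    "/app/./static/../index.jsp",
    "/app/%2e%2e/WEB-INF/web.xml",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(f"{raw!r}: regressed={regressed(raw)!r} fixed={fixed(raw)!r} "
              f"bypass={check_bypassed(raw)}")
```

With the corrected order the third sample becomes `/WEB-INF/web.xml` before the check runs, so the prefix check sees the path that will actually be resolved.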

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tomcat-9.0.87-6.el9_7.1.src.rpm
    MD5: b010aed33ad79b7d493087057f04147a
    SHA-256: 61d0f1e4e0bbc64c697694a50800dcab57fa6d0c0d3d4d55911b5d62207866d8
    Size: 15.14 MB

Asianux Server 9 for x86_64
  1. tomcat-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 2eb59a6c384f59c583969c2fa6da7f3e
    SHA-256: fc9fce23a67a30bb25a80fe4f239403e3d3fc94a475836176f51d3cb9270a018
    Size: 97.81 kB
  2. tomcat-admin-webapps-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 40a063af7d8afcda210e54501891ee52
    SHA-256: 6163ff2a6a09535bf455043da1a6b8b1a1ed68d1be3cb94ab4674e1439019897
    Size: 78.65 kB
  3. tomcat-docs-webapp-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 941372e68a01b2faece22c790c6323d1
    SHA-256: 18be4eb8c736f4de8cb357014fef9799a5a1c9cbb0702b19a8e2a863c6555a19
    Size: 725.07 kB
  4. tomcat-el-3.0-api-9.0.87-6.el9_7.1.noarch.rpm
    MD5: d2ab4d39002bb8c7cecd8cb293a5b820
    SHA-256: 04710df5fadb334ed75bcee6f8c54f248f395d45fb69643059f5a3ff5620ec48
    Size: 104.39 kB
  5. tomcat-jsp-2.3-api-9.0.87-6.el9_7.1.noarch.rpm
    MD5: b2e2ebdc325a066e78c4631d2c58bc78
    SHA-256: 4eb902ec93a727b60607b71dae17823b0fcf91cf8f5169bf7cef4c49e03c9eb6
    Size: 71.36 kB
  6. tomcat-lib-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 6b6cf86c5961d4a6d1cc5f955e53ec6d
    SHA-256: fd342a53b46dc460b51db378fb5673a54369ac4ab68bb9365ce1870c7a7cae4b
    Size: 5.98 MB
  7. tomcat-servlet-4.0-api-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 00ed2c4f5620785e05ff634393458f7d
    SHA-256: d6a6ca3a8a4deafbc6b10dabb3f2586c7fe68bbfea9d522c9d341deec8afbd37
    Size: 283.33 kB
  8. tomcat-webapps-9.0.87-6.el9_7.1.noarch.rpm
    MD5: 9193cc119148eddca6f9fa7bf675beaa
    SHA-256: 7fb56f932a7884cd37c30e35f069ebb85808f075eaf553a8534af36dca58fb97
    Size: 79.54 kB