tomcat-9.0.87-2.el8_10
エラータID: AXSA:2026-1262:04
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor (CVE-2026-29146)
* Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass (CVE-2026-34486)
Bug Fix(es) and Enhancement(s):
* Remove tomcat clustering JAR from RPM builds (JIRA:RHEL-183993)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-29146
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.
CVE-2026-34486
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
Update packages.
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
N/A
SRPMS
- tomcat-9.0.87-2.el8_10.src.rpm
MD5: 58de46c0c549c8af83b42f48c5edd665
SHA-256: 03b84e48e0dcd04fe214317ff69c56aae712a38a205858750f3e845e728763a4
Size: 15.14 MB
Asianux Server 8 for x86_64
- tomcat-9.0.87-2.el8_10.noarch.rpm
MD5: 0edd4cbc5ffd79e67c747009f20d4de7
SHA-256: 144066e65dca4c8c86b1dbdaf4aee7100a9c196fb156e1f89c1b98528e8123f6
Size: 94.72 kB - tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm
MD5: d9a5c8298c557b805264b960a6ff7880
SHA-256: 79bbeee29e3e3ee3512218e6522015a9f3035bedad5b4247422c49b654900d1f
Size: 75.65 kB - tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm
MD5: 270dbf0ae0d02e5a8cb07b0da6c3abb9
SHA-256: 72b7ad4ac98fbe05ea3d047a126bedee31c6c0a825a12e6196280557f2d7cf4c
Size: 757.73 kB - tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm
MD5: e995dea50e055bfbc649bafc02ff1e56
SHA-256: d0fa226037435b37e1f098a0d2e149537be1fcb645507f05bb5e71ed99209ea7
Size: 108.68 kB - tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm
MD5: 152d17e775e891efca91014a01ac90bc
SHA-256: 202bd7749dc8383387f257121f8ff3d10735633987f918207a701042473c7800
Size: 74.57 kB - tomcat-lib-9.0.87-2.el8_10.noarch.rpm
MD5: 0531062ba0c7f27301283e7d085452e0
SHA-256: 9e9ae6f4bb3baad5efc9840437aafd550cee76e8a9c7fb5e633d72dd4f56a594
Size: 5.66 MB - tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm
MD5: 4e1cbd594bd7f127982bad69e54ec350
SHA-256: b7e45f02996cb21950b6e9b853e3228e5ced3b0c86e4a251ce9cc5ae4efef13f
Size: 289.26 kB - tomcat-webapps-9.0.87-2.el8_10.noarch.rpm
MD5: e0643dcdf2414320ed2a5125a7ec56fe
SHA-256: dbe0cd5fbe52057945afb9d573de05a603286eb98eceafb8bc655979d6db865b
Size: 83.09 kB