tomcat-9.0.87-1.el8_10.7
Errata ID: AXSA:2025-11520:09
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
CVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints, including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled, then malicious files could be uploaded, leading to remote code execution. PUT requests are normally limited to trusted users, and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later, or 9.0.109 or later, which fix the issue.
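The ordering defect behind CVE-2025-55752 (normalize first, decode second) is easiest to see in a small model. The following Python is an illustrative example added to this advisory; it is not Tomcat source code and not part of the upstream fix. It runs a protected-prefix check in both orders on constructed sample paths; the prefixes /WEB-INF/ and /META-INF/ are the ones the advisory names, while the functions and the sample paths are this example's own assumptions.

```python
"""
Illustrative model for CVE-2025-55752 (added example, not Tomcat code).

The advisory says the rewritten URL was normalized *before* it was decoded.
This file models a request path check in both orders and shows how the
order decides whether a protected prefix such as /WEB-INF/ is enforced.
All sample paths are constructed for the example.
"""
from urllib.parse import unquote

# Prefixes the advisory names as protected resources.
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments so the result is anchored at '/'.

    Percent-encoded text is left untouched: a segment such as '%2e%2e'
    is not dot-dot until it is decoded, which is the whole point.
    """
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    normalized = "/" + "/".join(segments)
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def is_protected(path: str) -> bool:
    """Prefix check standing in for the container's WEB-INF/META-INF rule."""
    return path.startswith(PROTECTED_PREFIXES)


def decide(path: str, decode_first: bool) -> tuple[str, str, bool]:
    """Check a rewritten path in one of the two orders.

    Returns (checked_path, served_path, allowed):
      checked_path - the string the prefix check actually saw
      served_path  - what a later filesystem lookup resolves it to
      allowed      - whether the check let the request through
    decode_first=False is the regressed order the advisory describes;
    decode_first=True is the corrected order (decode, then normalize).
    """
    if decode_first:
        checked = normalize(unquote(path))
    else:
        checked = unquote(normalize(path))
    # Any '..' that survived the check is still resolved when the file is
    # opened, so this is the resource that would really be served.
    served = normalize(checked)
    return checked, served, not is_protected(checked)


def check_mismatch(path: str, decode_first: bool) -> bool:
    """True when the check allowed a path whose served target is protected,
    the condition a defender never wants to see."""
    _, served, allowed = decide(path, decode_first)
    return allowed and is_protected(served)


if __name__ == "__main__":
    # Constructed samples: a benign path and a path carrying a percent-encoded
    # dot-dot segment, the shape of input the advisory warns about.
    for sample in ("/app/index.html", "/app/%2e%2e/WEB-INF/web.xml"):
        for order, first in (("normalize-then-decode", False),
                             ("decode-then-normalize", True)):
            checked, served, allowed = decide(sample, first)
            print(f"{order:22} {sample!r}: checked={checked!r} "
                  f"served={served!r} allowed={allowed} "
                  f"mismatch={check_mismatch(sample, first)}")
```

Running the file prints both orders for each sample. In the regressed order the prefix check sees a path that does not start with /WEB-INF/ even though the resolved target does, and `check_mismatch` reports that gap; in the corrected order the encoded segment is decoded before normalization, so the check sees the real target and denies it. The lesson for anyone reviewing rewrite configurations is the same as the advisory's: decode, then normalize, then apply security constraints, and apply the package update.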
Update packages.
N/A
SRPMS
- tomcat-9.0.87-1.el8_10.7.src.rpm
MD5: e016e7787e6121faffef6f45c32965b6
SHA-256: 7ae1dbe31768bdfd748e2536bf623c8505af7d663dd80afa69ac73895b151b1c
Size: 15.13 MB
Asianux Server 8 for x86_64
- tomcat-9.0.87-1.el8_10.7.noarch.rpm
MD5: 0f2ae759dd97b0b3c8bf9398d0430a55
SHA-256: 6bbc88f7c22a4fee97ca9057d4ba53b62b9ae585b23e72465df4c0ce1bcbc587
Size: 94.61 kB
- tomcat-admin-webapps-9.0.87-1.el8_10.7.noarch.rpm
MD5: a45cf8e6c4643877842bba453ae97207
SHA-256: b19412cd4984ebc0f72a6d996a2d418747e68170fa907366680aae6b34f71832
Size: 75.55 kB
- tomcat-docs-webapp-9.0.87-1.el8_10.7.noarch.rpm
MD5: dbbe7b26add2e2f38212ad080add09b2
SHA-256: 03355e2deec6b8e6407859c47147311a3c7fe386682a2062a8a147631e8bce97
Size: 757.50 kB
- tomcat-el-3.0-api-9.0.87-1.el8_10.7.noarch.rpm
MD5: 1499736cfec88e9851fd1125cf1637ee
SHA-256: bc4d5e836bb237897b38def6b1fba4a265681755751f5d62bc55dc99394592c3
Size: 108.57 kB
- tomcat-jsp-2.3-api-9.0.87-1.el8_10.7.noarch.rpm
MD5: 291b0400c7bafadbde3e0a6bea4683b6
SHA-256: d5abc615f2a7caeda0ac31797d4af0ee70818763fb97f2616b86e36da97c8603
Size: 74.46 kB
- tomcat-lib-9.0.87-1.el8_10.7.noarch.rpm
MD5: d587e9d79b4e238851cc8bfb5f3419e0
SHA-256: 299c9e72d80de052d013e7097f3d064bbf30890f0bcdb061b54ef0e7d9d431f9
Size: 6.05 MB
- tomcat-servlet-4.0-api-9.0.87-1.el8_10.7.noarch.rpm
MD5: 93077d69a3f3baae3b0bddc5fccb9456
SHA-256: 8740db0411cb918c83f3b87621dd0aa696ac45b71125362f2ba4c042df561912
Size: 289.15 kB
- tomcat-webapps-9.0.87-1.el8_10.7.noarch.rpm
MD5: 3a53880d658a05f521f45e73529c43fd
SHA-256: dc254b40033cfc8ba5154785debb76dee1c0698f1ce8721c4ebd6f8b9313e42b
Size: 82.97 kB