Package tomcat-1:9.0.87-1.el8_10.6.src
| Name | tomcat |
|---|---|
| Epoch | 1 |
| Version | 9.0.87 |
| Release | 1.el8_10.6 |
| Architecture | src |
| Website/URL | http://tomcat.apache.org/ |
| License | ASL 2.0 |
| Build Time | 2025-08-21 07:02:35 |
| Build Host | builder-x86-05.inferitos.ru |
| Summary | Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API |
| Repositories | AppStream |
| Description | Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. |
| Errata | — |
| Size | 15489 KiB |
| Source Project | tomcat-9.0.87-1.el8_10.6 |
| SHA-256 checksum | 3d5bf8ef86e926795f811019cda0df5181a56e8169e1a69079c0eaec34848db3 |
×
![Full screenshot]()
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.6 - Resolves: RHEL-102193 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) * Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.5 - Resolves: RHEL-108486 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: RHEL-108494 tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: RHEL-108502 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: RHEL-108510 tomcat: Denial of service (CVE-2025-52434) - Resolves: RHEL-108524 tomcat: Denial of service (CVE-2025-52520) - Resolves: RHEL-108518 tomcat: Denial of service (CVE-2025-53506) * Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650) - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) * Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3 - Resolves: RHEL-82934 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) - Resolves: RHEL-71708 tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379) * Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.2 - Resolves: RHEL-46167 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750) * Mon Jun 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1.el8_10.1 - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-29250 tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Fri Jan 19 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-30 - Resolves: RHEL-6971 * Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-29 - Resolves: RHEL-17602 tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589) - tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-28 - Resolves: RHEL-13907 tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) - Resolves: RHEL-13904 tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) - Resolves: RHEL-12951 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) - Resolves: RHEL-12544 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) - Resolves: RHEL-2386 tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-27 - Related: RHEL-12543 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) - Bump release number