Package tomcat-webapps-1:9.0.87-1.el8_10.6.noarch
| Name | tomcat-webapps |
|---|---|
| Epoch | 1 |
| Version | 9.0.87 |
| Release | 1.el8_10.6 |
| Architecture | noarch |
| Website/URL | http://tomcat.apache.org/ |
| License | ASL 2.0 |
| Build Time | 2025-08-21 07:03:52 |
| Build Host | builder-x86-05.inferitos.ru |
| Summary | The ROOT web application for Apache Tomcat |
| Repositories | AppStream |
| Description | The ROOT web application for Apache Tomcat. |
| Errata | INFSA-2025:14177 |
| Size | 83 KiB |
| Source Project | tomcat-9.0.87-1.el8_10.6 |
| SHA-256 checksum | af3da9ce9183d7f1b6aa01a678f86370843f93f588d1caf8325be714317c899a |
×
![Full screenshot]()
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.6 - Resolves: RHEL-102193 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) * Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.5 - Resolves: RHEL-108486 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: RHEL-108494 tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: RHEL-108502 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: RHEL-108510 tomcat: Denial of service (CVE-2025-52434) - Resolves: RHEL-108524 tomcat: Denial of service (CVE-2025-52520) - Resolves: RHEL-108518 tomcat: Denial of service (CVE-2025-53506) * Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.4 - Resolves: RHEL-91761 tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650) - Resolves: RHEL-71971 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) * Wed Apr 02 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.3 - Resolves: RHEL-82934 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) - Resolves: RHEL-71708 tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379) * Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.2 - Resolves: RHEL-46167 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750) * Mon Jun 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1.el8_10.1 - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-29250 tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Fri Jan 19 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-30 - Resolves: RHEL-6971 * Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-29 - Resolves: RHEL-17602 tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589) - tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-28 - Resolves: RHEL-13907 tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) - Resolves: RHEL-13904 tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) - Resolves: RHEL-12951 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) - Resolves: RHEL-12544 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) - Resolves: RHEL-2386 tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-27 - Related: RHEL-12543 tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) - Bump release number