[ All 3 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ]
×

Project tomcat-1:9.0.87-3.el9_6.3

Name tomcat
Epoch 1
Version 9.0.87
Release 3.el9_6.3
Website/URL http://tomcat.apache.org/
License ASL 2.0
Build Time 2025-08-21 06:59:08
Build Host builder-arm64-1.inferitos.ru
Summary Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API
Repositories AppStream
Description Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Errata
× Full screenshot
Found 2 old versions
Packages link
Package Summary SHA-256 checksum
noarch
tomcat-1:9.0.87-3.el9_6.3.noarch Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API b57aca539e194e25c0b584ba21f4f03eb1bd1dc274ad277fd61b0f53357c882a download
tomcat-admin-webapps-1:9.0.87-3.el9_6.3.noarch The host-manager and manager web applications for Apache Tomcat a60da5c5b1b71efda6844ae22bfa11adb36b0563bb7a48baede58dc3560ee3c0 download
tomcat-docs-webapp-1:9.0.87-3.el9_6.3.noarch The docs web application for Apache Tomcat 1d74cad04ec1efc33fda9ce23eeb02e45efd08dc5eef5de447996df738d43efa download
tomcat-el-3.0-api-1:9.0.87-3.el9_6.3.noarch Apache Tomcat Expression Language v3.0 API Implementation Classes 4e0c8850c6ad747ef47b34e99561be654c3fccdfeaa4b3686098a94713d55be5 download
tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.3.noarch Apache Tomcat JavaServer Pages v2.3 API Implementation Classes 390972bc789594b86e2eba35bdbfd60b5870687984ac511c74c18c1a91c4d652 download
tomcat-lib-1:9.0.87-3.el9_6.3.noarch Libraries needed to run the Tomcat Web container 428033e259cc918e8aec30537b52c7418fb49f28a69929c8caa046c657ea13b9 download
tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.3.noarch Apache Tomcat Java Servlet v4.0 API Implementation Classes 68914a805052a4e1dc3722a2f8fb0333afc87d9db241192a1142568a9c9c546d download
tomcat-webapps-1:9.0.87-3.el9_6.3.noarch The ROOT web application for Apache Tomcat e9f10915eb2fa65249f62b5db9f92521811d99bbecc0d64c4f94e0b182237547 download
src
tomcat-1:9.0.87-3.el9_6.3.src Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API 0a7bea0cd251e3ebd6c52588d8e396cd4b5fc0d1f4a2c7ce4ec779a4b27a6e26 download
Changelog link
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3.el9_6.3
- Resolves: RHEL-102200
  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)

* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3.el9_6.2
- Resolves: RHEL-108491
  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108499
  tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108507
  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108515
  tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108531
  tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108527
  tomcat: Denial of service (CVE-2025-53506)

* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3.el9_6.1
- Resolves: RHEL-91765
  tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71981
  tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)

* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-82945
  tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71723
  tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Resolves: RHEL-46163
  tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
- Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat

* Fri May 03 2024 Sokratis Zappis <szappis@redhat.com> - 1:9.0.87-1
- Resolves: RHEL-35812 - Rebase tomcat to version 9.0.87
- Resolves: RHEL-29257
  tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672)
- Resolves: RHEL-29252
  tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)
- Resolves: RHEL-53001 - Amend tomcat's changelog
  (CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080)

* Thu Jan 18 2024 Hui Wang <huwang@redhat.com> - 1:9.0.62-39
- Resolves: RHEL-17605
  tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)

* Thu Nov 23 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-38
- Resolves: RHEL-13908
  tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
- Resolves: RHEL-13905
  tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- Resolves: RHEL-12952
  tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- Resolves: RHEL-12552
  tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Resolves: RHEL-2388
  tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)

* Fri Oct 13 2023 Hui Wang <huwang@redhat.com> - 1:9.0.62-37
- Resolves: RHEL-12551
  tomcat: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
- Remove JDK subpackges which are unused

* Fri Aug 25 2023 Coty Sutherland <csutherl@redhat.com> - 1:9.0.62-16
- Related: #2184133 Declare file conflicts