Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31651 (GCVE-0-2025-31651)
Vulnerability from cvelistv5 – Published: 2025-04-28 19:17 – Updated: 2026-02-26 18:27
VLAI?
EPSS
Title
Apache Tomcat: Bypass of rules in Rewrite Valve
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible
for a specially crafted request to bypass some rewrite rules. If those
rewrite rules effectively enforced security constraints, those
constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.5
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.39 (semver) Affected: 9.0.0.M1 , ≤ 9.0.102 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 8.0.0.RC1 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
COSCO Shipping Lines DIC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:12.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:44.862157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:59.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.5",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.39",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.102",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "8.0.0.RC1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "COSCO Shipping Lines DIC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u0026nbsp;For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:46:27.496Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Bypass of rules in Rewrite Valve",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-31651",
"datePublished": "2025-04-28T19:17:21.721Z",
"dateReserved": "2025-03-31T12:25:25.164Z",
"dateUpdated": "2026-02-26T18:27:59.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31651\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-04-28T20:15:20.783\",\"lastModified\":\"2025-11-03T20:18:25.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias de escape, metadatos o de control en Apache Tomcat. En un subconjunto de configuraciones improbables de reglas de reescritura, una solicitud especialmente manipulada pod\u00eda eludir algunas reglas de reescritura. Si dichas reglas aplicaban restricciones de seguridad de forma eficaz, estas pod\u00edan eludirse. Este problema afecta a Apache Tomcat: de la 11.0.0-M1 a la 11.0.5, de la 10.1.0-M1 a la 10.1.39 y de la 9.0.0.M1 a la 9.0.102. Se recomienda a los usuarios actualizar a la versi\u00f3n [FIXED_VERSION], que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.104\",\"matchCriteriaId\":\"BB09D245-9455-444D-8265-743642DD53C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.40\",\"matchCriteriaId\":\"E5BD6C26-75CE-4DDC-BF4D-5A5187BD4CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.6\",\"matchCriteriaId\":\"9331B3B3-C3C4-4D12-BE11-043F6614B2D3\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/list.html?announce@tomcat.apache.org\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/04/28/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/28/3\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:53:12.871Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31651\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-30T03:55:44.862157Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-06T20:12:30.307Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Bypass of rules in Rewrite Valve\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"COSCO Shipping Lines DIC\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.5\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.39\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.102\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"8.0.0.RC1\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/list.html?announce@tomcat.apache.org\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\u00a0For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u0026nbsp;For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116 Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:46:27.496Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-31651\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T18:27:59.801Z\", \"dateReserved\": \"2025-03-31T12:25:25.164Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-04-28T19:17:21.721Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:19810
Vulnerability from csaf_redhat - Published: 2025-11-06 16:24 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Severity
Important
Notes
Topic: Red Hat JBoss Web Server 6.1.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)
* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:19810
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:19810
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:19810
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.1.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)\n* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19810",
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19810.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:37+00:00",
"generator": {
"date": "2026-03-18T20:51:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:19810",
"initial_release_date": "2025-11-06T16:24:24+00:00",
"revision_history": [
{
"date": "2025-11-06T16:24:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T15:57:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1.3",
"product": {
"name": "Red Hat JBoss Web Server 6.1.3",
"product_id": "Red Hat JBoss Web Server 6.1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.1.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:24:24+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.1.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:23051
Vulnerability from csaf_redhat - Published: 2025-12-10 14:38 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23051
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23051
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23051
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23051",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23051.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:44+00:00",
"generator": {
"date": "2026-03-18T20:51:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23051",
"initial_release_date": "2025-12-10T14:38:53+00:00",
"revision_history": [
{
"date": "2025-12-10T14:38:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:38:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2026:0293
Vulnerability from csaf_redhat - Published: 2026-01-08 07:28 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: pki-servlet-engine security update
Severity
Important
Notes
Topic: An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:0293
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:0293
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0293",
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0293.json"
}
],
"title": "Red Hat Security Advisory: pki-servlet-engine security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:45+00:00",
"generator": {
"date": "2026-03-18T20:51:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:0293",
"initial_release_date": "2026-01-08T07:28:53+00:00",
"revision_history": [
{
"date": "2026-01-08T07:28:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T07:28:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.50-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9_2.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:28:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:28:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23046
Vulnerability from csaf_redhat - Published: 2025-12-10 14:55 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23046
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23046
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23046",
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23046.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:42+00:00",
"generator": {
"date": "2026-03-18T20:51:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23046",
"initial_release_date": "2025-12-10T14:55:18+00:00",
"revision_history": [
{
"date": "2025-12-10T14:55:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:55:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_2.7.src",
"product": {
"name": "tomcat-1:9.0.87-1.el9_2.7.src",
"product_id": "tomcat-1:9.0.87-1.el9_2.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el9_2.7.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el9_2.7.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el9_2.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_2.7.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src"
},
"product_reference": "tomcat-1:9.0.87-1.el9_2.7.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el9_2.7.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el9_2.7.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:55:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:55:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-1:9.0.87-1.el9_2.7.src",
"AppStream-9.2.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-lib-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.7.noarch",
"AppStream-9.2.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el9_2.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23047
Vulnerability from csaf_redhat - Published: 2025-12-10 15:12 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23047
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23047
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23047",
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23047.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:43+00:00",
"generator": {
"date": "2026-03-18T20:51:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23047",
"initial_release_date": "2025-12-10T15:12:13+00:00",
"revision_history": [
{
"date": "2025-12-10T15:12:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T15:12:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_4.7.src",
"product": {
"name": "tomcat-1:9.0.87-1.el9_4.7.src",
"product_id": "tomcat-1:9.0.87-1.el9_4.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el9_4.7.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el9_4.7.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el9_4.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_4.7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_4.7.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src"
},
"product_reference": "tomcat-1:9.0.87-1.el9_4.7.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el9_4.7.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el9_4.7.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:12:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:12:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.7.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.7.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:0292
Vulnerability from csaf_redhat - Published: 2026-01-08 07:23 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: pki-servlet-engine security update
Severity
Important
Notes
Topic: An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:0292
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:0292
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0292",
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0292.json"
}
],
"title": "Red Hat Security Advisory: pki-servlet-engine security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:45+00:00",
"generator": {
"date": "2026-03-18T20:51:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:0292",
"initial_release_date": "2026-01-08T07:23:28+00:00",
"revision_history": [
{
"date": "2026-01-08T07:23:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T07:23:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.43-4.el9_0.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product_id": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.43-4.el9_0.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product_id": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.43-4.el9_0.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
},
"product_reference": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:23:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:23:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23050
Vulnerability from csaf_redhat - Published: 2025-12-10 14:45 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23050
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23050
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23050
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23050",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23050.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:43+00:00",
"generator": {
"date": "2026-03-18T20:51:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23050",
"initial_release_date": "2025-12-10T14:45:33+00:00",
"revision_history": [
{
"date": "2025-12-10T14:45:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:45:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2026:2725
Vulnerability from csaf_redhat - Published: 2026-02-16 11:27 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: pki-deps:10.6 security update
Severity
Important
Notes
Topic: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2725
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2725
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2725",
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2725.json"
}
],
"title": "Red Hat Security Advisory: pki-deps:10.6 security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:49+00:00",
"generator": {
"date": "2026-03-18T20:51:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:2725",
"initial_release_date": "2026-02-16T11:27:07+00:00",
"revision_history": [
{
"date": "2026-02-16T11:27:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T11:27:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B23401%2B65186842?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B23401%2B65186842?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:27:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:27:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:2724
Vulnerability from csaf_redhat - Published: 2026-02-16 11:56 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: pki-deps:10.6 security update
Severity
Important
Notes
Topic: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2724
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2724
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2724",
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2724.json"
}
],
"title": "Red Hat Security Advisory: pki-deps:10.6 security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:47+00:00",
"generator": {
"date": "2026-03-18T20:51:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:2724",
"initial_release_date": "2026-02-16T11:56:58+00:00",
"revision_history": [
{
"date": "2026-02-16T11:56:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T11:56:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-3.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.4.0%2B23399%2Bfc91639f?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-3.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.4.0%2B23399%2Bfc91639f?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:56:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:56:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23048
Vulnerability from csaf_redhat - Published: 2025-12-10 17:45 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23048
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23048
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23048",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23048.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:43+00:00",
"generator": {
"date": "2026-03-18T20:51:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23048",
"initial_release_date": "2025-12-10T17:45:03+00:00",
"revision_history": [
{
"date": "2025-12-10T17:45:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T17:45:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.7.src",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.7.src",
"product_id": "tomcat-1:9.0.87-1.el8_10.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.7.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.7.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:45:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:45:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:22925
Vulnerability from csaf_redhat - Published: 2025-12-09 15:25 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* [Minor Incident] tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651)
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:22925
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:22925
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:22925
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* [Minor Incident] tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651)\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22925",
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html/red_hat_jboss_web_server_5.8_service_pack_6_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html/red_hat_jboss_web_server_5.8_service_pack_6_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2373309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373309"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22925.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:41+00:00",
"generator": {
"date": "2026-03-18T20:51:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22925",
"initial_release_date": "2025-12-09T15:25:26+00:00",
"revision_history": [
{
"date": "2025-12-09T15:25:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-09T15:25:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.8 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.8 for RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el7jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-14.redhat_00013.1.el7jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-14.redhat_00013.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_id": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-14.redhat_00013.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server",
"product_id": "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"relates_to_product_reference": "7Server-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8",
"product_id": "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src"
},
"product_reference": "jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9",
"product_id": "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
},
"product_reference": "jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-5.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:25:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:15:11.266000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373309"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "RHBZ#2373309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48989"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:25:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:25:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el7jws.src",
"7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el7jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el8jws.src",
"8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el8jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-0:9.0.87-14.redhat_00013.1.el9jws.src",
"9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-14.redhat_00013.1.el9jws.noarch",
"9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-14.redhat_00013.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23053
Vulnerability from csaf_redhat - Published: 2025-12-10 14:39 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat9 security update
Severity
Important
Notes
Topic: An update for tomcat9 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23053
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23053
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat9 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23053",
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23053.json"
}
],
"title": "Red Hat Security Advisory: tomcat9 security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:49+00:00",
"generator": {
"date": "2026-03-18T20:51:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23053",
"initial_release_date": "2025-12-10T14:39:58+00:00",
"revision_history": [
{
"date": "2025-12-10T14:39:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:39:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-admin-webapps@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-docs-webapp@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-el-3.0-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-jsp-2.3-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-lib@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-servlet-4.0-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-webapps@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product_id": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-5.el10_0.4?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src"
},
"product_reference": "tomcat9-1:9.0.87-5.el10_0.4.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:39:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:39:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23052
Vulnerability from csaf_redhat - Published: 2025-12-10 14:44 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat9 security update
Severity
Important
Notes
Topic: An update for tomcat9 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23052
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23052
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat9 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23052",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23052.json"
}
],
"title": "Red Hat Security Advisory: tomcat9 security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:44+00:00",
"generator": {
"date": "2026-03-18T20:51:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23052",
"initial_release_date": "2025-12-10T14:44:53+00:00",
"revision_history": [
{
"date": "2025-12-10T14:44:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:44:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-admin-webapps@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-docs-webapp@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-el-3.0-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-jsp-2.3-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-lib@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-servlet-4.0-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-webapps@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product_id": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-8.el10_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src"
},
"product_reference": "tomcat9-1:9.0.87-8.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:44:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:44:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:19809
Vulnerability from csaf_redhat - Published: 2025-11-06 16:32 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update
Severity
Important
Notes
Topic: Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)
* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:19809
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:19809
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:19809
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.1.3 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.1.3 serves as a replacement for Red Hat JBoss Web Server 6.1.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-6] (CVE-2025-55752)\n* tomcat-catalina: Apache Tomcat: Denial of service [jws-6] (CVE-2025-61795)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-6] (CVE-2025-31651)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19809",
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.1/html/red_hat_jboss_web_server_6.1_service_pack_3_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "JWS-3618",
"url": "https://issues.redhat.com/browse/JWS-3618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19809.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.3 release and security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:37+00:00",
"generator": {
"date": "2026-03-18T20:51:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:19809",
"initial_release_date": "2025-11-06T16:32:43+00:00",
"revision_history": [
{
"date": "2025-11-06T16:32:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T15:57:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 10",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.1 for RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el10jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.36-19.redhat_00018.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 10",
"product_id": "10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 8",
"product_id": "8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.1 for RHEL 9",
"product_id": "9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-06T16:32:43+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el10jws.src",
"10Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"10Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el10jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el8jws.src",
"8Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"8Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el8jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-0:10.1.36-19.redhat_00018.1.el9jws.src",
"9Base-JWS-6.1:jws6-tomcat-admin-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-docs-webapp-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-el-5.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-javadoc-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-jsp-3.1-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-lib-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-selinux-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-servlet-6.0-api-0:10.1.36-19.redhat_00018.1.el9jws.noarch",
"9Base-JWS-6.1:jws6-tomcat-webapps-0:10.1.36-19.redhat_00018.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:22924
Vulnerability from csaf_redhat - Published: 2025-12-09 15:22 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update
Severity
Important
Notes
Topic: Red Hat JBoss Web Server 5.8.6 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security Fix(es):
* [Minor Incident] tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989)
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651)
* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:22924
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
7.5 (High)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:22924
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
https://access.redhat.com/errata/RHSA-2025:22924
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 5.8.6 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* [Minor Incident] tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989)\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651)\n* tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22924",
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html/red_hat_jboss_web_server_5.8_service_pack_6_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html/red_hat_jboss_web_server_5.8_service_pack_6_release_notes/index"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2373309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373309"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22924.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:41+00:00",
"generator": {
"date": "2026-03-18T20:51:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22924",
"initial_release_date": "2025-12-09T15:22:27+00:00",
"revision_history": [
{
"date": "2025-12-09T15:22:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-09T15:22:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 5.8.6",
"product": {
"name": "Red Hat JBoss Web Server 5.8.6",
"product_id": "Red Hat JBoss Web Server 5.8.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5.8.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:22:27+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-48989",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-18T08:15:11.266000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373309"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5.8.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "RHBZ#2373309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48989"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:22:27+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 5.8.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T15:22:27+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 5.8.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23045
Vulnerability from csaf_redhat - Published: 2025-12-10 14:52 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23045
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23045
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23045",
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23045.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:41+00:00",
"generator": {
"date": "2026-03-18T20:51:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23045",
"initial_release_date": "2025-12-10T14:52:08+00:00",
"revision_history": [
{
"date": "2025-12-10T14:52:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:52:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_8.8.src",
"product": {
"name": "tomcat-1:9.0.87-1.el8_8.8.src",
"product_id": "tomcat-1:9.0.87-1.el8_8.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_8.8?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.8.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.8.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:52:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:52:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.E4S:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-1:9.0.87-1.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-lib-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.8.noarch",
"AppStream-8.8.0.Z.TUS:tomcat-webapps-1:9.0.87-1.el8_8.8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23049
Vulnerability from csaf_redhat - Published: 2025-12-10 15:15 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23049
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23049
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23049",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23049.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:47+00:00",
"generator": {
"date": "2026-03-18T20:51:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23049",
"initial_release_date": "2025-12-10T15:15:23+00:00",
"revision_history": [
{
"date": "2025-12-10T15:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T15:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-6.el9_7.1.src",
"product": {
"name": "tomcat-1:9.0.87-6.el9_7.1.src",
"product_id": "tomcat-1:9.0.87-6.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-6.el9_7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-6.el9_7.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src"
},
"product_reference": "tomcat-1:9.0.87-6.el9_7.1.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:15:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:15:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:2726
Vulnerability from csaf_redhat - Published: 2026-02-16 12:04 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: pki-deps:10.6 security update
Severity
Important
Notes
Topic: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2726
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:2726
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2726",
"url": "https://access.redhat.com/errata/RHSA-2026:2726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2726.json"
}
],
"title": "Red Hat Security Advisory: pki-deps:10.6 security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:46+00:00",
"generator": {
"date": "2026-03-18T20:51:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:2726",
"initial_release_date": "2026-02-16T12:04:57+00:00",
"revision_history": [
{
"date": "2026-02-16T12:04:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T12:04:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-3.module%2Bel8.6.0%2B23938%2Bb3b8726f.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-3.module%2Bel8.6.0%2B23938%2Bb3b8726f.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.6.0%2B23400%2Baafc0b27?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-2.module%2Bel8.6.0%2B23397%2B419fb810?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-3.module%2Bel8.6.0%2B23938%2Bb3b8726f.3?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.6.0%2B23400%2Baafc0b27?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8060020260128101437:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:04:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2726"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:04:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2726"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.E4S:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:fasterxml-oss-parent-0:69-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-annotations-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-bom-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-core-0:2.19.1-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-databind-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-modules-base-0:2.19.1-1.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jackson-parent-0:2.19.2-2.module+el8.6.0+23397+419fb810.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-4.0-api-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:pki-servlet-engine-1:9.0.30-3.module+el8.6.0+23938+b3b8726f.3.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:resteasy-0:3.0.26-6.module+el8.6.0+23400+aafc0b27.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.6.0.Z.TUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23044
Vulnerability from csaf_redhat - Published: 2025-12-10 17:07 - Updated: 2026-03-18 20:51Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23044
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2025:23044
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
To reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23044",
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23044.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-03-18T20:51:42+00:00",
"generator": {
"date": "2026-03-18T20:51:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23044",
"initial_release_date": "2025-12-10T17:07:38+00:00",
"revision_history": [
{
"date": "2025-12-10T17:07:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T17:07:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T20:51:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-3.el9_6.4.src",
"product": {
"name": "tomcat-1:9.0.87-3.el9_6.4.src",
"product_id": "tomcat-1:9.0.87-3.el9_6.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-3.el9_6.4?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-3.el9_6.4.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-3.el9_6.4.noarch",
"product_id": "tomcat-webapps-1:9.0.87-3.el9_6.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-3.el9_6.4?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-3.el9_6.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src"
},
"product_reference": "tomcat-1:9.0.87-3.el9_6.4.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-3.el9_6.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-3.el9_6.4.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:07:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:07:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-1:9.0.87-3.el9_6.4.src",
"AppStream-9.6.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-lib-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-3.el9_6.4.noarch",
"AppStream-9.6.0.Z.EUS:tomcat-webapps-1:9.0.87-3.el9_6.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
OPENSUSE-SU-2025:15049-1
Vulnerability from csaf_opensuse - Published: 2025-05-02 00:00 - Updated: 2025-05-02 00:00Summary
tomcat10-10.1.40-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: tomcat10-10.1.40-1.1 on GA media
Description of the patch: These are all security issues fixed in the tomcat10-10.1.40-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15049
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat10-10.1.40-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat10-10.1.40-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15049",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15049-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "tomcat10-10.1.40-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-02T00:00:00Z",
"generator": {
"date": "2025-05-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15049-1",
"initial_release_date": "2025-05-02T00:00:00Z",
"revision_history": [
{
"date": "2025-05-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-10.1.40-1.1.aarch64",
"product_id": "tomcat10-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"product_id": "tomcat10-admin-webapps-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-doc-10.1.40-1.1.aarch64",
"product_id": "tomcat10-doc-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"product_id": "tomcat10-docs-webapp-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"product_id": "tomcat10-el-5_0-api-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-embed-10.1.40-1.1.aarch64",
"product_id": "tomcat10-embed-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-jsvc-10.1.40-1.1.aarch64",
"product_id": "tomcat10-jsvc-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-lib-10.1.40-1.1.aarch64",
"product_id": "tomcat10-lib-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-1.1.aarch64",
"product": {
"name": "tomcat10-webapps-10.1.40-1.1.aarch64",
"product_id": "tomcat10-webapps-10.1.40-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-admin-webapps-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-doc-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-doc-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-docs-webapp-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-el-5_0-api-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-embed-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-embed-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-jsvc-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-jsvc-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-lib-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-lib-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-1.1.ppc64le",
"product": {
"name": "tomcat10-webapps-10.1.40-1.1.ppc64le",
"product_id": "tomcat10-webapps-10.1.40-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-10.1.40-1.1.s390x",
"product_id": "tomcat10-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.s390x",
"product_id": "tomcat10-admin-webapps-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-doc-10.1.40-1.1.s390x",
"product_id": "tomcat10-doc-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.s390x",
"product_id": "tomcat10-docs-webapp-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"product_id": "tomcat10-el-5_0-api-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-embed-10.1.40-1.1.s390x",
"product_id": "tomcat10-embed-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-jsvc-10.1.40-1.1.s390x",
"product_id": "tomcat10-jsvc-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-lib-10.1.40-1.1.s390x",
"product_id": "tomcat10-lib-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-1.1.s390x",
"product": {
"name": "tomcat10-webapps-10.1.40-1.1.s390x",
"product_id": "tomcat10-webapps-10.1.40-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-10.1.40-1.1.x86_64",
"product_id": "tomcat10-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"product_id": "tomcat10-admin-webapps-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-doc-10.1.40-1.1.x86_64",
"product_id": "tomcat10-doc-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"product_id": "tomcat10-docs-webapp-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"product_id": "tomcat10-el-5_0-api-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-embed-10.1.40-1.1.x86_64",
"product_id": "tomcat10-embed-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-jsvc-10.1.40-1.1.x86_64",
"product_id": "tomcat10-jsvc-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-lib-10.1.40-1.1.x86_64",
"product_id": "tomcat10-lib-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-1.1.x86_64",
"product": {
"name": "tomcat10-webapps-10.1.40-1.1.x86_64",
"product_id": "tomcat10-webapps-10.1.40-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-doc-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-doc-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-doc-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-doc-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-docs-webapp-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-embed-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-embed-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-embed-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-embed-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-jsvc-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-jsvc-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-jsvc-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-jsvc-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-lib-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-lib-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-lib-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-lib-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64"
},
"product_reference": "tomcat10-webapps-10.1.40-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le"
},
"product_reference": "tomcat10-webapps-10.1.40-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x"
},
"product_reference": "tomcat10-webapps-10.1.40-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
},
"product_reference": "tomcat10-webapps-10.1.40-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-admin-webapps-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-doc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-docs-webapp-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-el-5_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-embed-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsp-3_1-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-jsvc-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-lib-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-servlet-6_0-api-10.1.40-1.1.x86_64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.aarch64",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.s390x",
"openSUSE Tumbleweed:tomcat10-webapps-10.1.40-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
OPENSUSE-SU-2025:15048-1
Vulnerability from csaf_opensuse - Published: 2025-05-02 00:00 - Updated: 2025-05-02 00:00Summary
tomcat-9.0.104-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: tomcat-9.0.104-1.1 on GA media
Description of the patch: These are all security issues fixed in the tomcat-9.0.104-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15048
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tomcat-9.0.104-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tomcat-9.0.104-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15048",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15048-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "tomcat-9.0.104-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-02T00:00:00Z",
"generator": {
"date": "2025-05-02T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15048-1",
"initial_release_date": "2025-05-02T00:00:00Z",
"revision_history": [
{
"date": "2025-05-02T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-9.0.104-1.1.aarch64",
"product_id": "tomcat-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-admin-webapps-9.0.104-1.1.aarch64",
"product_id": "tomcat-admin-webapps-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-docs-webapp-9.0.104-1.1.aarch64",
"product_id": "tomcat-docs-webapp-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"product_id": "tomcat-el-3_0-api-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-embed-9.0.104-1.1.aarch64",
"product_id": "tomcat-embed-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-javadoc-9.0.104-1.1.aarch64",
"product_id": "tomcat-javadoc-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"product_id": "tomcat-jsp-2_3-api-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-jsvc-9.0.104-1.1.aarch64",
"product_id": "tomcat-jsvc-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-lib-9.0.104-1.1.aarch64",
"product_id": "tomcat-lib-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"product_id": "tomcat-servlet-4_0-api-9.0.104-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-1.1.aarch64",
"product": {
"name": "tomcat-webapps-9.0.104-1.1.aarch64",
"product_id": "tomcat-webapps-9.0.104-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-9.0.104-1.1.ppc64le",
"product_id": "tomcat-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"product_id": "tomcat-admin-webapps-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"product_id": "tomcat-docs-webapp-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"product_id": "tomcat-el-3_0-api-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-embed-9.0.104-1.1.ppc64le",
"product_id": "tomcat-embed-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-javadoc-9.0.104-1.1.ppc64le",
"product_id": "tomcat-javadoc-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"product_id": "tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-jsvc-9.0.104-1.1.ppc64le",
"product_id": "tomcat-jsvc-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-lib-9.0.104-1.1.ppc64le",
"product_id": "tomcat-lib-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"product_id": "tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-1.1.ppc64le",
"product": {
"name": "tomcat-webapps-9.0.104-1.1.ppc64le",
"product_id": "tomcat-webapps-9.0.104-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-9.0.104-1.1.s390x",
"product_id": "tomcat-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-admin-webapps-9.0.104-1.1.s390x",
"product_id": "tomcat-admin-webapps-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-docs-webapp-9.0.104-1.1.s390x",
"product_id": "tomcat-docs-webapp-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.s390x",
"product_id": "tomcat-el-3_0-api-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-embed-9.0.104-1.1.s390x",
"product_id": "tomcat-embed-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-javadoc-9.0.104-1.1.s390x",
"product_id": "tomcat-javadoc-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"product_id": "tomcat-jsp-2_3-api-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-jsvc-9.0.104-1.1.s390x",
"product_id": "tomcat-jsvc-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-lib-9.0.104-1.1.s390x",
"product_id": "tomcat-lib-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"product_id": "tomcat-servlet-4_0-api-9.0.104-1.1.s390x"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-1.1.s390x",
"product": {
"name": "tomcat-webapps-9.0.104-1.1.s390x",
"product_id": "tomcat-webapps-9.0.104-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-9.0.104-1.1.x86_64",
"product_id": "tomcat-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-admin-webapps-9.0.104-1.1.x86_64",
"product_id": "tomcat-admin-webapps-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-docs-webapp-9.0.104-1.1.x86_64",
"product_id": "tomcat-docs-webapp-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"product_id": "tomcat-el-3_0-api-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-embed-9.0.104-1.1.x86_64",
"product_id": "tomcat-embed-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-javadoc-9.0.104-1.1.x86_64",
"product_id": "tomcat-javadoc-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"product_id": "tomcat-jsp-2_3-api-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-jsvc-9.0.104-1.1.x86_64",
"product_id": "tomcat-jsvc-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-lib-9.0.104-1.1.x86_64",
"product_id": "tomcat-lib-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"product_id": "tomcat-servlet-4_0-api-9.0.104-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-1.1.x86_64",
"product": {
"name": "tomcat-webapps-9.0.104-1.1.x86_64",
"product_id": "tomcat-webapps-9.0.104-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-admin-webapps-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-admin-webapps-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-admin-webapps-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-docs-webapp-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-docs-webapp-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-docs-webapp-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-embed-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-embed-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-embed-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-embed-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-javadoc-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-javadoc-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-javadoc-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-javadoc-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-jsvc-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-jsvc-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-jsvc-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-jsvc-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-lib-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-lib-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-lib-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-lib-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64"
},
"product_reference": "tomcat-webapps-9.0.104-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le"
},
"product_reference": "tomcat-webapps-9.0.104-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x"
},
"product_reference": "tomcat-webapps-9.0.104-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
},
"product_reference": "tomcat-webapps-9.0.104-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-admin-webapps-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-docs-webapp-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-el-3_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-embed-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-javadoc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsp-2_3-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-jsvc-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-lib-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-servlet-4_0-api-9.0.104-1.1.x86_64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.aarch64",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.ppc64le",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.s390x",
"openSUSE Tumbleweed:tomcat-webapps-9.0.104-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-02T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
WID-SEC-W-2025-0895
Vulnerability from csaf_certbund - Published: 2025-04-28 22:00 - Updated: 2026-01-07 23:00Summary
Apache Tomcat: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen, oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0895 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0895.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0895 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0895"
},
{
"category": "external",
"summary": "Lists Apache.org vom 2025-04-28",
"url": "https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"
},
{
"category": "external",
"summary": "Lists Apache.org vom 2025-04-28",
"url": "https://lists.apache.org/thread/cpklvqwvdrp4k9hmd2l3q33j0gzy4fox"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2025-04-28",
"url": "https://seclists.org/oss-sec/2025/q2/100"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2025-04-28",
"url": "https://seclists.org/oss-sec/2025/q2/101"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-04-28",
"url": "https://github.com/advisories/GHSA-3p2h-wqq4-wf4h"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2025-04-28",
"url": "https://github.com/advisories/GHSA-ff77-26x5-69cr"
},
{
"category": "external",
"summary": "PoC CVE-2025-31650 vom 2025-04-29",
"url": "https://github.com/tunahantekeoglu/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1521-1 vom 2025-05-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RFTKW33WAI4B3WZ5ZCAZYPZAMSCNNSM4/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1537-1 vom 2025-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WLX5T7LK4QQHONBUWBDVFGFTQU32S6PX/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2025-017 vom 2025-05-14",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2025-017.html"
},
{
"category": "external",
"summary": "Atlassian Security Advisory",
"url": "https://jira.atlassian.com/browse/BAM-26105"
},
{
"category": "external",
"summary": "Atlassian Security Advisory",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99686"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7234040 vom 2025-05-21",
"url": "https://www.ibm.com/support/pages/node/7234040"
},
{
"category": "external",
"summary": "Atlassian Security Advisory",
"url": "https://jira.atlassian.com/browse/CONFSERVER-99568"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2025-018 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2025-018.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01521-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020943.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01537-1 vom 2025-05-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020935.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01882-1 vom 2025-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021460.html"
},
{
"category": "external",
"summary": "Atlassian Security Advisory JSWSERVER-26411 vom 2025-06-17",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-17-2025-1574012717.html"
},
{
"category": "external",
"summary": "Trellix 2025 Update 5 Release Notes vom 2025-06-25",
"url": "https://docs.trellix.com/bundle/epolicy-orchestrator-saas-release-notes/page/UUID-bdfa33f8-426e-ec2b-a46a-a50c7743b530.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-018 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-018.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-017 vom 2025-06-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-017.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11335 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11335.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11335 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11332 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11333 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11333"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11334 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11334"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11333 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11333.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11381 vom 2025-07-17",
"url": "https://access.redhat.com/errata/RHSA-2025:11381"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11382 vom 2025-07-17",
"url": "https://access.redhat.com/errata/RHSA-2025:11382"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11332 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11332.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4244 vom 2025-07-22",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-08-05",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=4cd4383f3bcb26d828f8f547f4e45af6"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241547 vom 2025-08-06",
"url": "https://www.ibm.com/support/pages/node/7241547"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7705-1 vom 2025-08-20",
"url": "https://ubuntu.com/security/notices/USN-7705-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-309 vom 2025-09-08",
"url": "https://www.dell.com/support/kbdoc/de-de/000362754/dsa-2025-309-security-update-for-dell-networker-apache-tomcat-vulnerabilities"
},
{
"category": "external",
"summary": "SAS Security Update vom 2025-10-02",
"url": "https://support.sas.com/en/security-bulletins/sas-security-update-for-sas-94m9-ts1m9.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19810 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19810"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19809 vom 2025-11-06",
"url": "https://access.redhat.com/errata/RHSA-2025:19809"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252039 vom 2025-11-20",
"url": "https://www.ibm.com/support/pages/node/7252039"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22924 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22924"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22925 vom 2025-12-09",
"url": "https://access.redhat.com/errata/RHSA-2025:22925"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23049 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23049.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23050 vom 2025-12-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-23050.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23052 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23052.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23053 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23051 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23050 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23052 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23049 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23048 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23047 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23046 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23045 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23044 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23044"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23049 vom 2025-12-11",
"url": "https://errata.build.resf.org/RLSA-2025:23049"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23048 vom 2025-12-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-23048.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23050 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23050"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23052 vom 2025-12-12",
"url": "https://errata.build.resf.org/RLSA-2025:23052"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23048 vom 2025-12-13",
"url": "https://errata.build.resf.org/RLSA-2025:23048"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0292 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0293 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-07T23:00:00.000+00:00",
"generator": {
"date": "2026-01-08T08:11:50.522+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-0895",
"initial_release_date": "2025-04-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-29T22:00:00.000+00:00",
"number": "2",
"summary": "PoC f\u00fcr CVE-2025-31650 aufgenommen"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Atlassian und IBM aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2025-06-10T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2025-06-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-05T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux, Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-11T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "26"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.6",
"product": {
"name": "Apache Tomcat \u003c11.0.6",
"product_id": "T043183"
}
},
{
"category": "product_version",
"name": "11.0.6",
"product": {
"name": "Apache Tomcat 11.0.6",
"product_id": "T043183-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.40",
"product": {
"name": "Apache Tomcat \u003c10.1.40",
"product_id": "T043184"
}
},
{
"category": "product_version",
"name": "10.1.40",
"product": {
"name": "Apache Tomcat 10.1.40",
"product_id": "T043184-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.104",
"product": {
"name": "Apache Tomcat \u003c9.0.104",
"product_id": "T043185"
}
},
{
"category": "product_version",
"name": "9.0.104",
"product": {
"name": "Apache Tomcat 9.0.104",
"product_id": "T043185-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.104"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.4",
"product": {
"name": "Atlassian Bamboo \u003c10.2.4",
"product_id": "T044013"
}
},
{
"category": "product_version",
"name": "10.2.4",
"product": {
"name": "Atlassian Bamboo 10.2.4",
"product_id": "T044013-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.13",
"product": {
"name": "Atlassian Bamboo \u003c9.6.13",
"product_id": "T044014"
}
},
{
"category": "product_version",
"name": "9.6.13",
"product": {
"name": "Atlassian Bamboo 9.6.13",
"product_id": "T044014-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.1",
"product": {
"name": "Atlassian Bamboo \u003c11.0.1",
"product_id": "T044015"
}
},
{
"category": "product_version",
"name": "11.0.1",
"product": {
"name": "Atlassian Bamboo 11.0.1",
"product_id": "T044015-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:11.0.1"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.2",
"product": {
"name": "Atlassian Confluence \u003c9.2.2",
"product_id": "T042904"
}
},
{
"category": "product_version",
"name": "9.2.2",
"product": {
"name": "Atlassian Confluence 9.2.2",
"product_id": "T042904-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_and_server__9.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.2",
"product": {
"name": "Atlassian Confluence \u003c9.3.2",
"product_id": "T042906"
}
},
{
"category": "product_version",
"name": "9.3.2",
"product": {
"name": "Atlassian Confluence 9.3.2",
"product_id": "T042906-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_and_server__9.3.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.21",
"product": {
"name": "Atlassian Confluence \u003c8.5.21",
"product_id": "T042909"
}
},
{
"category": "product_version",
"name": "8.5.21",
"product": {
"name": "Atlassian Confluence 8.5.21",
"product_id": "T042909-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_and_server__8.5.21"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.1",
"product": {
"name": "Atlassian Confluence \u003c9.4.1",
"product_id": "T044016"
}
},
{
"category": "product_version",
"name": "9.4.1",
"product": {
"name": "Atlassian Confluence 9.4.1",
"product_id": "T044016-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.4",
"product": {
"name": "Atlassian Confluence \u003c9.2.4",
"product_id": "T044017"
}
},
{
"category": "product_version",
"name": "9.2.4",
"product": {
"name": "Atlassian Confluence 9.2.4",
"product_id": "T044017-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.22",
"product": {
"name": "Atlassian Confluence \u003c8.5.22",
"product_id": "T044018"
}
},
{
"category": "product_version",
"name": "8.5.22",
"product": {
"name": "Atlassian Confluence 8.5.22",
"product_id": "T044018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.22"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.1",
"product": {
"name": "Atlassian Jira \u003c10.6.1",
"product_id": "T044689"
}
},
{
"category": "product_version",
"name": "10.6.1",
"product": {
"name": "Atlassian Jira 10.6.1",
"product_id": "T044689-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3.6 (LTS)",
"product": {
"name": "Atlassian Jira \u003c10.3.6 (LTS)",
"product_id": "T044691"
}
},
{
"category": "product_version",
"name": "10.3.6 (LTS)",
"product": {
"name": "Atlassian Jira 10.3.6 (LTS)",
"product_id": "T044691-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.3.6::lts"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.13.0.1",
"product": {
"name": "Dell NetWorker \u003c19.13.0.1",
"product_id": "T046768"
}
},
{
"category": "product_version",
"name": "19.13.0.1",
"product": {
"name": "Dell NetWorker 19.13.0.1",
"product_id": "T046768-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.13.0.1"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.1.18.2",
"product": {
"name": "HCL Commerce \u003c9.1.18.2",
"product_id": "T045896"
}
},
{
"category": "product_version",
"name": "9.1.18.2",
"product": {
"name": "HCL Commerce 9.1.18.2",
"product_id": "T045896-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.18.2"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10.1.0.0-10.1.0.5",
"product": {
"name": "IBM Integration Bus 10.1.0.0-10.1.0.5",
"product_id": "T044022",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:10.1.0.0_-_10.1.0.5"
}
}
}
],
"category": "product_name",
"name": "Integration Bus"
},
{
"category": "product_name",
"name": "IBM Power Hardware Management Console",
"product": {
"name": "IBM Power Hardware Management Console",
"product_id": "5114",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "1411051",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.8.6",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.8.6",
"product_id": "T049206"
}
},
{
"category": "product_version",
"name": "5.8.6",
"product": {
"name": "Red Hat JBoss Web Server 5.8.6",
"product_id": "T049206-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8.6"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS \u003c9.4M9 (TS1M9)",
"product_id": "T047382"
}
},
{
"category": "product_version",
"name": "9.4M9 (TS1M9)",
"product": {
"name": "SAS Institute Base SAS 9.4M9 (TS1M9)",
"product_id": "T047382-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:sas:base_sas:9.4m9_%28ts1m9%29"
}
}
}
],
"category": "product_name",
"name": "Base SAS"
}
],
"category": "vendor",
"name": "SAS Institute"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2025 Update 5",
"product": {
"name": "Trellix ePolicy Orchestrator \u003c2025 Update 5",
"product_id": "T044835"
}
},
{
"category": "product_version",
"name": "2025 Update 5",
"product": {
"name": "Trellix ePolicy Orchestrator 2025 Update 5",
"product_id": "T044835-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:trellix:epolicy_orchestrator:2025_update_5"
}
}
}
],
"category": "product_name",
"name": "ePolicy Orchestrator"
}
],
"category": "vendor",
"name": "Trellix"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T042909",
"T047382",
"67646",
"T003426",
"T042904",
"T004914",
"T042906",
"T044016",
"T044015",
"T044018",
"T044017",
"T044835",
"T043183",
"398363",
"T043184",
"T043185",
"T044691",
"T049206",
"T044014",
"T044013",
"5114",
"T032255",
"T045896",
"T046768",
"T044689",
"2951",
"T002207",
"T000126",
"T044022",
"1411051"
]
},
"release_date": "2025-04-28T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T042909",
"T047382",
"67646",
"T003426",
"T042904",
"T004914",
"T042906",
"T044016",
"T044015",
"T044018",
"T044017",
"T044835",
"T043183",
"398363",
"T043184",
"T043185",
"T044691",
"T049206",
"T044014",
"T044013",
"5114",
"T032255",
"T045896",
"T046768",
"T044689",
"2951",
"T002207",
"T000126",
"T044022",
"1411051"
]
},
"release_date": "2025-04-28T22:00:00.000+00:00",
"title": "CVE-2025-31651"
}
]
}
WID-SEC-W-2025-1439
Vulnerability from csaf_certbund - Published: 2025-06-30 22:00 - Updated: 2025-09-23 22:00Summary
Dell Secure Connect Gateway: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Dell Secure Connect Gateway ist eine Softwarelösung, die als sicherer, zentralisierter Punkt für die Verwaltung des Fernzugriffs und des Supports für Hardware und Software von Dell Technologies dient.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
References
| URL | Category | |
|---|---|---|
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell Secure Connect Gateway ist eine Softwarel\u00f6sung, die als sicherer, zentralisierter Punkt f\u00fcr die Verwaltung des Fernzugriffs und des Supports f\u00fcr Hardware und Software von Dell Technologies dient.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1439 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1439.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1439 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1439"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-260 vom 2025-06-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000337528/dsa-2025-260-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03283-1 vom 2025-09-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022596.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03314-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022615.html"
}
],
"source_lang": "en-US",
"title": "Dell Secure Connect Gateway: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-09-23T22:00:00.000+00:00",
"generator": {
"date": "2025-09-24T05:21:15.583+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1439",
"initial_release_date": "2025-06-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.30.0.14",
"product_id": "T044974"
}
},
{
"category": "product_version",
"name": "5.30.0.14",
"product": {
"name": "Dell Secure Connect Gateway 5.30.0.14",
"product_id": "T044974-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.30.0.14"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-39028",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2022-39028"
},
{
"cve": "CVE-2023-4016",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-4016"
},
{
"cve": "CVE-2023-40403",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-40403"
},
{
"cve": "CVE-2023-46316",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-46316"
},
{
"cve": "CVE-2023-52426",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-52831",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52831"
},
{
"cve": "CVE-2023-52924",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52924"
},
{
"cve": "CVE-2023-52925",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52925"
},
{
"cve": "CVE-2023-52926",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52926"
},
{
"cve": "CVE-2023-52927",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2023-52927"
},
{
"cve": "CVE-2024-10041",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-10041"
},
{
"cve": "CVE-2024-11168",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-11168"
},
{
"cve": "CVE-2024-12243",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-12243"
},
{
"cve": "CVE-2024-26634",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26634"
},
{
"cve": "CVE-2024-26708",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26708"
},
{
"cve": "CVE-2024-26810",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26810"
},
{
"cve": "CVE-2024-26873",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-26873"
},
{
"cve": "CVE-2024-29018",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-29018"
},
{
"cve": "CVE-2024-35826",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35826"
},
{
"cve": "CVE-2024-35910",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-35910"
},
{
"cve": "CVE-2024-38606",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-38606"
},
{
"cve": "CVE-2024-40635",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40635"
},
{
"cve": "CVE-2024-40980",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-40980"
},
{
"cve": "CVE-2024-41005",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41005"
},
{
"cve": "CVE-2024-41055",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41055"
},
{
"cve": "CVE-2024-41077",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41077"
},
{
"cve": "CVE-2024-41149",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-41149"
},
{
"cve": "CVE-2024-42307",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-42307"
},
{
"cve": "CVE-2024-43790",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43790"
},
{
"cve": "CVE-2024-43802",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43802"
},
{
"cve": "CVE-2024-43820",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-43820"
},
{
"cve": "CVE-2024-44974",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-44974"
},
{
"cve": "CVE-2024-45009",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-45306",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-45306"
},
{
"cve": "CVE-2024-46736",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46736"
},
{
"cve": "CVE-2024-46782",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46782"
},
{
"cve": "CVE-2024-46796",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-46796"
},
{
"cve": "CVE-2024-47220",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47220"
},
{
"cve": "CVE-2024-47408",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47408"
},
{
"cve": "CVE-2024-47794",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-47794"
},
{
"cve": "CVE-2024-49571",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49571"
},
{
"cve": "CVE-2024-49761",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49761"
},
{
"cve": "CVE-2024-49924",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49924"
},
{
"cve": "CVE-2024-49940",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49940"
},
{
"cve": "CVE-2024-49994",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-49994"
},
{
"cve": "CVE-2024-50029",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50029"
},
{
"cve": "CVE-2024-50036",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50036"
},
{
"cve": "CVE-2024-50056",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50056"
},
{
"cve": "CVE-2024-50085",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50085"
},
{
"cve": "CVE-2024-50126",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50126"
},
{
"cve": "CVE-2024-50140",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50140"
},
{
"cve": "CVE-2024-50152",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50152"
},
{
"cve": "CVE-2024-50185",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50185"
},
{
"cve": "CVE-2024-50290",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50290"
},
{
"cve": "CVE-2024-50294",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-50294"
},
{
"cve": "CVE-2024-52559",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-52559"
},
{
"cve": "CVE-2024-53057",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53057"
},
{
"cve": "CVE-2024-53063",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53063"
},
{
"cve": "CVE-2024-53123",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53123"
},
{
"cve": "CVE-2024-53140",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53140"
},
{
"cve": "CVE-2024-53147",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53147"
},
{
"cve": "CVE-2024-53163",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53163"
},
{
"cve": "CVE-2024-53176",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53176"
},
{
"cve": "CVE-2024-53177",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53177"
},
{
"cve": "CVE-2024-53178",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53178"
},
{
"cve": "CVE-2024-53226",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53226"
},
{
"cve": "CVE-2024-53680",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-53680"
},
{
"cve": "CVE-2024-54683",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-54683"
},
{
"cve": "CVE-2024-55549",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-55549"
},
{
"cve": "CVE-2024-56171",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56171"
},
{
"cve": "CVE-2024-56568",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56568"
},
{
"cve": "CVE-2024-56579",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56579"
},
{
"cve": "CVE-2024-56633",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2024-56638",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56638"
},
{
"cve": "CVE-2024-56640",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56640"
},
{
"cve": "CVE-2024-56647",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56647"
},
{
"cve": "CVE-2024-56702",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56702"
},
{
"cve": "CVE-2024-56703",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56703"
},
{
"cve": "CVE-2024-56718",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56718"
},
{
"cve": "CVE-2024-56719",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56719"
},
{
"cve": "CVE-2024-56720",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56720"
},
{
"cve": "CVE-2024-56751",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56751"
},
{
"cve": "CVE-2024-56758",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56758"
},
{
"cve": "CVE-2024-56770",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-56770"
},
{
"cve": "CVE-2024-57807",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57807"
},
{
"cve": "CVE-2024-57834",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57834"
},
{
"cve": "CVE-2024-57889",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57889"
},
{
"cve": "CVE-2024-57900",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57900"
},
{
"cve": "CVE-2024-57947",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57947"
},
{
"cve": "CVE-2024-57948",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57948"
},
{
"cve": "CVE-2024-57973",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57973"
},
{
"cve": "CVE-2024-57974",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57974"
},
{
"cve": "CVE-2024-57978",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57978"
},
{
"cve": "CVE-2024-57979",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57979"
},
{
"cve": "CVE-2024-57980",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57980"
},
{
"cve": "CVE-2024-57981",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57981"
},
{
"cve": "CVE-2024-57986",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57986"
},
{
"cve": "CVE-2024-57990",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57990"
},
{
"cve": "CVE-2024-57993",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57993"
},
{
"cve": "CVE-2024-57994",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57994"
},
{
"cve": "CVE-2024-57996",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57996"
},
{
"cve": "CVE-2024-57997",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57997"
},
{
"cve": "CVE-2024-57999",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-57999"
},
{
"cve": "CVE-2024-58002",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58002"
},
{
"cve": "CVE-2024-58005",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58005"
},
{
"cve": "CVE-2024-58006",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58006"
},
{
"cve": "CVE-2024-58007",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58007"
},
{
"cve": "CVE-2024-58009",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58009"
},
{
"cve": "CVE-2024-58011",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58011"
},
{
"cve": "CVE-2024-58012",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58012"
},
{
"cve": "CVE-2024-58013",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58013"
},
{
"cve": "CVE-2024-58014",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58014"
},
{
"cve": "CVE-2024-58017",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58017"
},
{
"cve": "CVE-2024-58019",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58019"
},
{
"cve": "CVE-2024-58020",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58020"
},
{
"cve": "CVE-2024-58034",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58034"
},
{
"cve": "CVE-2024-58051",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58051"
},
{
"cve": "CVE-2024-58052",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58052"
},
{
"cve": "CVE-2024-58054",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58054"
},
{
"cve": "CVE-2024-58055",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58055"
},
{
"cve": "CVE-2024-58056",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58056"
},
{
"cve": "CVE-2024-58057",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58057"
},
{
"cve": "CVE-2024-58058",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58058"
},
{
"cve": "CVE-2024-58061",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58061"
},
{
"cve": "CVE-2024-58063",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58063"
},
{
"cve": "CVE-2024-58069",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58069"
},
{
"cve": "CVE-2024-58072",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58072"
},
{
"cve": "CVE-2024-58076",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58076"
},
{
"cve": "CVE-2024-58078",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58078"
},
{
"cve": "CVE-2024-58079",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58079"
},
{
"cve": "CVE-2024-58080",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58080"
},
{
"cve": "CVE-2024-58083",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58083"
},
{
"cve": "CVE-2024-58085",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58085"
},
{
"cve": "CVE-2024-58086",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-58086"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2025-0395",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-1094",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1094"
},
{
"cve": "CVE-2025-1215",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1215"
},
{
"cve": "CVE-2025-1795",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-21631",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21631"
},
{
"cve": "CVE-2025-21635",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21635"
},
{
"cve": "CVE-2025-21636",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21636"
},
{
"cve": "CVE-2025-21637",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21637"
},
{
"cve": "CVE-2025-21638",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21638"
},
{
"cve": "CVE-2025-21639",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21639"
},
{
"cve": "CVE-2025-21640",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21640"
},
{
"cve": "CVE-2025-21647",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21647"
},
{
"cve": "CVE-2025-21659",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21659"
},
{
"cve": "CVE-2025-21665",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21665"
},
{
"cve": "CVE-2025-21667",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21667"
},
{
"cve": "CVE-2025-21668",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21668"
},
{
"cve": "CVE-2025-21671",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21671"
},
{
"cve": "CVE-2025-21673",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21673"
},
{
"cve": "CVE-2025-21680",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21680"
},
{
"cve": "CVE-2025-21681",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21681"
},
{
"cve": "CVE-2025-21684",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21684"
},
{
"cve": "CVE-2025-21687",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21687"
},
{
"cve": "CVE-2025-21688",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21688"
},
{
"cve": "CVE-2025-21689",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21689"
},
{
"cve": "CVE-2025-21690",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21690"
},
{
"cve": "CVE-2025-21692",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21692"
},
{
"cve": "CVE-2025-21693",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21693"
},
{
"cve": "CVE-2025-21697",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21697"
},
{
"cve": "CVE-2025-21699",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21699"
},
{
"cve": "CVE-2025-21700",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21700"
},
{
"cve": "CVE-2025-21701",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21701"
},
{
"cve": "CVE-2025-21703",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21703"
},
{
"cve": "CVE-2025-21704",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21704"
},
{
"cve": "CVE-2025-21705",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21705"
},
{
"cve": "CVE-2025-21706",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21706"
},
{
"cve": "CVE-2025-21708",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21708"
},
{
"cve": "CVE-2025-21711",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21711"
},
{
"cve": "CVE-2025-21714",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21714"
},
{
"cve": "CVE-2025-21715",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21715"
},
{
"cve": "CVE-2025-21716",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21716"
},
{
"cve": "CVE-2025-21718",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21718"
},
{
"cve": "CVE-2025-21719",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21719"
},
{
"cve": "CVE-2025-21723",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21723"
},
{
"cve": "CVE-2025-21724",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21724"
},
{
"cve": "CVE-2025-21725",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21725"
},
{
"cve": "CVE-2025-21726",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21726"
},
{
"cve": "CVE-2025-21727",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21727"
},
{
"cve": "CVE-2025-21728",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21728"
},
{
"cve": "CVE-2025-21731",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21731"
},
{
"cve": "CVE-2025-21732",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21732"
},
{
"cve": "CVE-2025-21733",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21733"
},
{
"cve": "CVE-2025-21734",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21734"
},
{
"cve": "CVE-2025-21735",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21735"
},
{
"cve": "CVE-2025-21736",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21736"
},
{
"cve": "CVE-2025-21738",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21738"
},
{
"cve": "CVE-2025-21739",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21739"
},
{
"cve": "CVE-2025-21741",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21741"
},
{
"cve": "CVE-2025-21742",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21742"
},
{
"cve": "CVE-2025-21743",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21743"
},
{
"cve": "CVE-2025-21744",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21744"
},
{
"cve": "CVE-2025-21745",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21745"
},
{
"cve": "CVE-2025-21749",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21749"
},
{
"cve": "CVE-2025-21750",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21750"
},
{
"cve": "CVE-2025-21753",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21753"
},
{
"cve": "CVE-2025-21754",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21754"
},
{
"cve": "CVE-2025-21756",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21756"
},
{
"cve": "CVE-2025-21759",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21759"
},
{
"cve": "CVE-2025-21760",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21760"
},
{
"cve": "CVE-2025-21761",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21761"
},
{
"cve": "CVE-2025-21762",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21762"
},
{
"cve": "CVE-2025-21763",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21763"
},
{
"cve": "CVE-2025-21764",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21764"
},
{
"cve": "CVE-2025-21765",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21765"
},
{
"cve": "CVE-2025-21766",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21766"
},
{
"cve": "CVE-2025-21767",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21767"
},
{
"cve": "CVE-2025-21772",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21772"
},
{
"cve": "CVE-2025-21773",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21773"
},
{
"cve": "CVE-2025-21775",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21775"
},
{
"cve": "CVE-2025-21776",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21776"
},
{
"cve": "CVE-2025-21779",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21779"
},
{
"cve": "CVE-2025-21780",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21780"
},
{
"cve": "CVE-2025-21781",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21781"
},
{
"cve": "CVE-2025-21782",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21782"
},
{
"cve": "CVE-2025-21784",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21784"
},
{
"cve": "CVE-2025-21785",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21785"
},
{
"cve": "CVE-2025-21790",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21790"
},
{
"cve": "CVE-2025-21791",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21791"
},
{
"cve": "CVE-2025-21793",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21793"
},
{
"cve": "CVE-2025-21794",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21794"
},
{
"cve": "CVE-2025-21795",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21795"
},
{
"cve": "CVE-2025-21796",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21796"
},
{
"cve": "CVE-2025-21799",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21799"
},
{
"cve": "CVE-2025-21802",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21802"
},
{
"cve": "CVE-2025-21804",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21804"
},
{
"cve": "CVE-2025-21810",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21810"
},
{
"cve": "CVE-2025-21815",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21815"
},
{
"cve": "CVE-2025-21819",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21819"
},
{
"cve": "CVE-2025-21820",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21820"
},
{
"cve": "CVE-2025-21821",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21821"
},
{
"cve": "CVE-2025-21823",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21823"
},
{
"cve": "CVE-2025-21825",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21825"
},
{
"cve": "CVE-2025-21828",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21828"
},
{
"cve": "CVE-2025-21829",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21829"
},
{
"cve": "CVE-2025-21830",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21830"
},
{
"cve": "CVE-2025-21831",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21831"
},
{
"cve": "CVE-2025-21832",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21832"
},
{
"cve": "CVE-2025-21835",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21835"
},
{
"cve": "CVE-2025-21838",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21838"
},
{
"cve": "CVE-2025-21844",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21844"
},
{
"cve": "CVE-2025-21846",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21846"
},
{
"cve": "CVE-2025-21847",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21847"
},
{
"cve": "CVE-2025-21848",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21848"
},
{
"cve": "CVE-2025-21850",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21850"
},
{
"cve": "CVE-2025-21855",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21855"
},
{
"cve": "CVE-2025-21856",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21856"
},
{
"cve": "CVE-2025-21857",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21857"
},
{
"cve": "CVE-2025-21858",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21858"
},
{
"cve": "CVE-2025-21859",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21859"
},
{
"cve": "CVE-2025-21861",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21861"
},
{
"cve": "CVE-2025-21862",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21862"
},
{
"cve": "CVE-2025-21864",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21864"
},
{
"cve": "CVE-2025-21865",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21865"
},
{
"cve": "CVE-2025-21866",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21866"
},
{
"cve": "CVE-2025-21869",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21869"
},
{
"cve": "CVE-2025-21870",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21870"
},
{
"cve": "CVE-2025-21871",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21871"
},
{
"cve": "CVE-2025-21876",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21876"
},
{
"cve": "CVE-2025-21877",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21877"
},
{
"cve": "CVE-2025-21878",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21878"
},
{
"cve": "CVE-2025-21883",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21883"
},
{
"cve": "CVE-2025-21885",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21885"
},
{
"cve": "CVE-2025-21886",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21886"
},
{
"cve": "CVE-2025-21888",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21888"
},
{
"cve": "CVE-2025-21890",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21890"
},
{
"cve": "CVE-2025-21891",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21891"
},
{
"cve": "CVE-2025-21892",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-21892"
},
{
"cve": "CVE-2025-22134",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22134"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-22247",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22247"
},
{
"cve": "CVE-2025-22868",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-24014",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24014"
},
{
"cve": "CVE-2025-24813",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-24855",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24855"
},
{
"cve": "CVE-2025-24928",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-24928"
},
{
"cve": "CVE-2025-2588",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-2588"
},
{
"cve": "CVE-2025-26465",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26465"
},
{
"cve": "CVE-2025-26466",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26466"
},
{
"cve": "CVE-2025-26597",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-26597"
},
{
"cve": "CVE-2025-27113",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27113"
},
{
"cve": "CVE-2025-27219",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27219"
},
{
"cve": "CVE-2025-27220",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27220"
},
{
"cve": "CVE-2025-27363",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-27363"
},
{
"cve": "CVE-2025-29087",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29087"
},
{
"cve": "CVE-2025-29088",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-29088"
},
{
"cve": "CVE-2025-31115",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31115"
},
{
"cve": "CVE-2025-31335",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31335"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-32414",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32414"
},
{
"cve": "CVE-2025-32415",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32415"
},
{
"cve": "CVE-2025-32728",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-32728"
},
{
"cve": "CVE-2025-3360",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-3360"
},
{
"cve": "CVE-2025-4207",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4207"
},
{
"cve": "CVE-2025-4382",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4382"
},
{
"cve": "CVE-2025-47268",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-47268"
},
{
"cve": "CVE-2025-4802",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-4802"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T044974",
"T002207"
]
},
"release_date": "2025-06-30T22:00:00.000+00:00",
"title": "CVE-2025-48734"
}
]
}
WID-SEC-W-2025-1850
Vulnerability from csaf_certbund - Published: 2025-08-14 22:00 - Updated: 2025-11-17 23:00Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - UNIX
- Windows
References
| URL | Category | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1850 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1850.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1850 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1850"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX25-014 vom 2025-08-14",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-XRX25-014-for-Xerox-FreeFlow-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "Xerox Security Bulletin XRX25-015 vom 2025-08-14",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/08/Xerox-Security-Bulletin-XRX25-015-Xerox-FreeFlow-Print-Server-v2_Windows-10.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-017 vom 2025-10-07",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/10/Xerox-Security-Bulletin-XRX25-017-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-016 vom 2025-10-07",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/10/Xerox-Security-Bulletin-XRX25-016-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-018 vom 2025-11-18",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/11/Xerox-Security-Bulletin-XRX25-018-Xerox-FreeFlow-Print-Server-v7.pdf"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2025-11-17T23:00:00.000+00:00",
"generator": {
"date": "2025-11-18T08:12:52.112+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1850",
"initial_release_date": "2025-08-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
},
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T035098",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
},
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T046288",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
},
{
"category": "product_version",
"name": "v2",
"product": {
"name": "Xerox FreeFlow Print Server v2",
"product_id": "T046289",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v2"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-12718"
},
{
"cve": "CVE-2024-12797",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-13176",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-13176"
},
{
"cve": "CVE-2024-36350",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-36350"
},
{
"cve": "CVE-2024-36357",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-36357"
},
{
"cve": "CVE-2024-37894",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-37894"
},
{
"cve": "CVE-2024-42516",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-43394",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-43394"
},
{
"cve": "CVE-2024-45802",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-45802"
},
{
"cve": "CVE-2024-47252",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-48615",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-48615"
},
{
"cve": "CVE-2024-56406",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2025-1632",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-1632"
},
{
"cve": "CVE-2025-1795",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-1795"
},
{
"cve": "CVE-2025-21574",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21574"
},
{
"cve": "CVE-2025-21575",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21575"
},
{
"cve": "CVE-2025-21577",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21577"
},
{
"cve": "CVE-2025-21579",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21579"
},
{
"cve": "CVE-2025-21580",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21580"
},
{
"cve": "CVE-2025-21581",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21581"
},
{
"cve": "CVE-2025-21583",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21583"
},
{
"cve": "CVE-2025-21584",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21584"
},
{
"cve": "CVE-2025-21585",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21585"
},
{
"cve": "CVE-2025-21588",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-21588"
},
{
"cve": "CVE-2025-23048",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-25724",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-25724"
},
{
"cve": "CVE-2025-2817",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-2817"
},
{
"cve": "CVE-2025-29915",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-29915"
},
{
"cve": "CVE-2025-29916",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-29916"
},
{
"cve": "CVE-2025-29917",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-29917"
},
{
"cve": "CVE-2025-29918",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-29918"
},
{
"cve": "CVE-2025-30681",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30681"
},
{
"cve": "CVE-2025-30682",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30682"
},
{
"cve": "CVE-2025-30683",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30683"
},
{
"cve": "CVE-2025-30684",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30684"
},
{
"cve": "CVE-2025-30685",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30685"
},
{
"cve": "CVE-2025-30687",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30687"
},
{
"cve": "CVE-2025-30688",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30688"
},
{
"cve": "CVE-2025-30689",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30689"
},
{
"cve": "CVE-2025-30693",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30693"
},
{
"cve": "CVE-2025-30695",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30695"
},
{
"cve": "CVE-2025-30696",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30696"
},
{
"cve": "CVE-2025-30699",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30699"
},
{
"cve": "CVE-2025-30703",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30703"
},
{
"cve": "CVE-2025-30704",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30704"
},
{
"cve": "CVE-2025-30705",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30705"
},
{
"cve": "CVE-2025-30715",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30715"
},
{
"cve": "CVE-2025-30721",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30721"
},
{
"cve": "CVE-2025-30722",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30722"
},
{
"cve": "CVE-2025-30749",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30749"
},
{
"cve": "CVE-2025-30754",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30754"
},
{
"cve": "CVE-2025-30761",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-30761"
},
{
"cve": "CVE-2025-31498",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-31498"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-3875",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-3875"
},
{
"cve": "CVE-2025-3877",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-3877"
},
{
"cve": "CVE-2025-3909",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-3909"
},
{
"cve": "CVE-2025-3932",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-3932"
},
{
"cve": "CVE-2025-4082",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4082"
},
{
"cve": "CVE-2025-4083",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4083"
},
{
"cve": "CVE-2025-4084",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4084"
},
{
"cve": "CVE-2025-4085",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4085"
},
{
"cve": "CVE-2025-4086",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4086"
},
{
"cve": "CVE-2025-4087",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4087"
},
{
"cve": "CVE-2025-4088",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4088"
},
{
"cve": "CVE-2025-4089",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4089"
},
{
"cve": "CVE-2025-4090",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4090"
},
{
"cve": "CVE-2025-40909",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-40909"
},
{
"cve": "CVE-2025-4091",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4091"
},
{
"cve": "CVE-2025-4092",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4092"
},
{
"cve": "CVE-2025-4093",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4093"
},
{
"cve": "CVE-2025-4138",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4138"
},
{
"cve": "CVE-2025-4330",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4330"
},
{
"cve": "CVE-2025-4516",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4516"
},
{
"cve": "CVE-2025-4517",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4575",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4575"
},
{
"cve": "CVE-2025-46701",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-46802",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-46802"
},
{
"cve": "CVE-2025-46804",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-46804"
},
{
"cve": "CVE-2025-46805",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-46805"
},
{
"cve": "CVE-2025-47159",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47159"
},
{
"cve": "CVE-2025-47971",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47971"
},
{
"cve": "CVE-2025-47972",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47972"
},
{
"cve": "CVE-2025-47973",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47973"
},
{
"cve": "CVE-2025-47975",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47975"
},
{
"cve": "CVE-2025-47976",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47976"
},
{
"cve": "CVE-2025-47980",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47980"
},
{
"cve": "CVE-2025-47981",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47981"
},
{
"cve": "CVE-2025-47982",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47982"
},
{
"cve": "CVE-2025-47984",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47984"
},
{
"cve": "CVE-2025-47985",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47985"
},
{
"cve": "CVE-2025-47986",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47986"
},
{
"cve": "CVE-2025-47987",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47987"
},
{
"cve": "CVE-2025-47991",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47991"
},
{
"cve": "CVE-2025-47996",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47996"
},
{
"cve": "CVE-2025-47999",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-47999"
},
{
"cve": "CVE-2025-48000",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48000"
},
{
"cve": "CVE-2025-48001",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48001"
},
{
"cve": "CVE-2025-48799",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48799"
},
{
"cve": "CVE-2025-48800",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48800"
},
{
"cve": "CVE-2025-48803",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48803"
},
{
"cve": "CVE-2025-48804",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48804"
},
{
"cve": "CVE-2025-48805",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48805"
},
{
"cve": "CVE-2025-48806",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48806"
},
{
"cve": "CVE-2025-48808",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48808"
},
{
"cve": "CVE-2025-48811",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48811"
},
{
"cve": "CVE-2025-48814",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48814"
},
{
"cve": "CVE-2025-48815",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48815"
},
{
"cve": "CVE-2025-48816",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48816"
},
{
"cve": "CVE-2025-48817",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48817"
},
{
"cve": "CVE-2025-48818",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48818"
},
{
"cve": "CVE-2025-48819",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48819"
},
{
"cve": "CVE-2025-48820",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48820"
},
{
"cve": "CVE-2025-48821",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48821"
},
{
"cve": "CVE-2025-48822",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48822"
},
{
"cve": "CVE-2025-48823",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-48823"
},
{
"cve": "CVE-2025-4918",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4918"
},
{
"cve": "CVE-2025-4919",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-4919"
},
{
"cve": "CVE-2025-49630",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49630"
},
{
"cve": "CVE-2025-49658",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49658"
},
{
"cve": "CVE-2025-49659",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49659"
},
{
"cve": "CVE-2025-49660",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49660"
},
{
"cve": "CVE-2025-49661",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49661"
},
{
"cve": "CVE-2025-49664",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49664"
},
{
"cve": "CVE-2025-49665",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49665"
},
{
"cve": "CVE-2025-49667",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49667"
},
{
"cve": "CVE-2025-49675",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49675"
},
{
"cve": "CVE-2025-49678",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49678"
},
{
"cve": "CVE-2025-49679",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49679"
},
{
"cve": "CVE-2025-49680",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49680"
},
{
"cve": "CVE-2025-49683",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49683"
},
{
"cve": "CVE-2025-49684",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49684"
},
{
"cve": "CVE-2025-49686",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49686"
},
{
"cve": "CVE-2025-49687",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49687"
},
{
"cve": "CVE-2025-49689",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49689"
},
{
"cve": "CVE-2025-49691",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49691"
},
{
"cve": "CVE-2025-49709",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49709"
},
{
"cve": "CVE-2025-49710",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49710"
},
{
"cve": "CVE-2025-49721",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49721"
},
{
"cve": "CVE-2025-49722",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49722"
},
{
"cve": "CVE-2025-49725",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49725"
},
{
"cve": "CVE-2025-49726",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49726"
},
{
"cve": "CVE-2025-49727",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49727"
},
{
"cve": "CVE-2025-49730",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49730"
},
{
"cve": "CVE-2025-49732",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49732"
},
{
"cve": "CVE-2025-49740",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49740"
},
{
"cve": "CVE-2025-49742",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49742"
},
{
"cve": "CVE-2025-49744",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49744"
},
{
"cve": "CVE-2025-49760",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49760"
},
{
"cve": "CVE-2025-49812",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-49812"
},
{
"cve": "CVE-2025-50059",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-50059"
},
{
"cve": "CVE-2025-50106",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-50106"
},
{
"cve": "CVE-2025-5263",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5263"
},
{
"cve": "CVE-2025-5264",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5264"
},
{
"cve": "CVE-2025-5265",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5265"
},
{
"cve": "CVE-2025-5266",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5266"
},
{
"cve": "CVE-2025-5267",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5267"
},
{
"cve": "CVE-2025-5268",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5268"
},
{
"cve": "CVE-2025-5269",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5269"
},
{
"cve": "CVE-2025-5270",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5270"
},
{
"cve": "CVE-2025-5271",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5271"
},
{
"cve": "CVE-2025-5272",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5272"
},
{
"cve": "CVE-2025-5283",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5283"
},
{
"cve": "CVE-2025-53020",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-53020"
},
{
"cve": "CVE-2025-5601",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-5601"
},
{
"cve": "CVE-2025-6424",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6424"
},
{
"cve": "CVE-2025-6425",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6425"
},
{
"cve": "CVE-2025-6426",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6426"
},
{
"cve": "CVE-2025-6427",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6427"
},
{
"cve": "CVE-2025-6428",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6428"
},
{
"cve": "CVE-2025-6429",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6429"
},
{
"cve": "CVE-2025-6430",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6430"
},
{
"cve": "CVE-2025-6431",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6431"
},
{
"cve": "CVE-2025-6432",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6432"
},
{
"cve": "CVE-2025-6433",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6433"
},
{
"cve": "CVE-2025-6434",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6434"
},
{
"cve": "CVE-2025-6435",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6435"
},
{
"cve": "CVE-2025-6436",
"product_status": {
"known_affected": [
"T035098",
"T002977",
"T046288",
"T046289"
]
},
"release_date": "2025-08-14T22:00:00.000+00:00",
"title": "CVE-2025-6436"
}
]
}
WID-SEC-W-2025-1365
Vulnerability from csaf_certbund - Published: 2025-06-19 22:00 - Updated: 2025-07-15 22:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, um beliebige Befehle auszuführen und um nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren, um beliebige Befehle auszuf\u00fchren und um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1365 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1365.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1365 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1365"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7237317 vom 2025-06-19",
"url": "https://www.ibm.com/support/pages/node/7237317"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7237316 vom 2025-06-19",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7239757 vom 2025-07-15",
"url": "https://www.ibm.com/support/pages/node/7239757"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-15T22:00:00.000+00:00",
"generator": {
"date": "2025-07-16T07:32:15.040+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1365",
"initial_release_date": "2025-06-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP12 IF02",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP12 IF02",
"product_id": "T044767"
}
},
{
"category": "product_version",
"name": "7.5.0 UP12 IF02",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP12 IF02",
"product_id": "T044767-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0:up12_if02"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9840",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2016-9840"
},
{
"cve": "CVE-2020-11971",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2020-11971"
},
{
"cve": "CVE-2020-13790",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2020-13790"
},
{
"cve": "CVE-2022-49011",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2022-49011"
},
{
"cve": "CVE-2023-0286",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-12087",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-12087"
},
{
"cve": "CVE-2024-12088",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-12088"
},
{
"cve": "CVE-2024-12747",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-12747"
},
{
"cve": "CVE-2024-40906",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-40906"
},
{
"cve": "CVE-2024-43842",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-43842"
},
{
"cve": "CVE-2024-53141",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-53141"
},
{
"cve": "CVE-2024-53150",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-53150"
},
{
"cve": "CVE-2024-53241",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-53241"
},
{
"cve": "CVE-2024-8176",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2024-8176"
},
{
"cve": "CVE-2025-0395",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-22869",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-24528",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-24528"
},
{
"cve": "CVE-2025-31650",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-36050",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-36050"
},
{
"cve": "CVE-2025-33121",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-33121"
},
{
"cve": "CVE-2025-33117",
"product_status": {
"known_affected": [
"T044767",
"T021415"
]
},
"release_date": "2025-06-19T22:00:00.000+00:00",
"title": "CVE-2025-33117"
}
]
}
alsa-2025:23049
Vulnerability from osv_almalinux
Published
2025-12-10 00:00
Modified
2025-12-17 11:42
Summary
Important: tomcat security update
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-admin-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-docs-webapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-el-3.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-jsp-2.3-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-servlet-4.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tomcat-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-6.el9_7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\nSecurity Fix(es): \n\n * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:23049",
"modified": "2025-12-17T11:42:14Z",
"published": "2025-12-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2362782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2406591"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-23049.html"
}
],
"related": [
"CVE-2025-31651",
"CVE-2025-55752"
],
"summary": "Important: tomcat security update"
}
alsa-2025:23052
Vulnerability from osv_almalinux
Published
2025-12-10 00:00
Modified
2025-12-17 11:36
Summary
Important: tomcat9 security update
Details
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
- tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-admin-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-docs-webapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-el-3.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-jsp-2.3-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-servlet-4.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat9-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-8.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. \n\nSecurity Fix(es): \n\n * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:23052",
"modified": "2025-12-17T11:36:41Z",
"published": "2025-12-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2362782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2406591"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-23052.html"
}
],
"related": [
"CVE-2025-31651",
"CVE-2025-55752"
],
"summary": "Important: tomcat9 security update"
}
alsa-2025:23050
Vulnerability from osv_almalinux
Published
2025-12-10 00:00
Modified
2025-12-17 11:40
Summary
Important: tomcat security update
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
- tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-admin-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-docs-webapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-el-5.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-jsp-3.1-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-servlet-6.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "tomcat-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:10.1.36-3.el10_1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\nSecurity Fix(es): \n\n * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:23050",
"modified": "2025-12-17T11:40:04Z",
"published": "2025-12-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2362782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2406588"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2406591"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-23050.html"
}
],
"related": [
"CVE-2025-31651",
"CVE-2025-61795",
"CVE-2025-55752"
],
"summary": "Important: tomcat security update"
}
alsa-2025:23048
Vulnerability from osv_almalinux
Published
2025-12-10 00:00
Modified
2025-12-11 14:01
Summary
Important: tomcat security update
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
- tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
- tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-admin-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-docs-webapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-el-3.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-jsp-2.3-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-servlet-4.0-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tomcat-webapps"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.0.87-1.el8_10.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. \n\nSecurity Fix(es): \n\n * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n * tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:23048",
"modified": "2025-12-11T14:01:21Z",
"published": "2025-12-10T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2362782"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2406591"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-23048.html"
}
],
"related": [
"CVE-2025-31651",
"CVE-2025-55752"
],
"summary": "Important: tomcat security update"
}
CERTFR-2026-AVI-0322
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu GemFire C++ et .NET Framework Clients versions antérieures à 10.4.8 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu GemFire Session Management versions antérieures à 1.1.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire Search versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu GemFire sur Kubernetes versions antérieures à 2.6.2 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.0.8 | ||
| VMware | Tanzu | Tanzu GemFire Vector Database versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu Data Flow sur Kubernetes versions antérieures à 2.0.4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire C++ et .NET Framework Clients versions ant\u00e9rieures \u00e0 10.4.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Session Management versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Search versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Kubernetes versions ant\u00e9rieures \u00e0 2.6.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow sur Kubernetes versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2026-25518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25518"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37257",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37257"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37260",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37260"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37259",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37259"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37255",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37255"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37253",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37253"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37262",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37262"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37251",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37251"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37252",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37252"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37261",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37261"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37256",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37256"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37248",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37248"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37258",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37258"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37250",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37250"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37254",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37254"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37249",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37249"
}
]
}
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
CERTFR-2025-AVI-0524
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.8.0 | ||
| VMware | Tanzu | Tanzu Data Lake versions antérieures à 1.1.0 | ||
| VMware | Tanzu | Tanzu pour Postgres sur Kubernetes versions antérieures à 4.1.0 et 4.2.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions antérieures à 6.14.0 et 7.4.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à 1.31.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 6.x antérieures à 6.29.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 7.x antérieures à 7.5.0 | ||
| VMware | Tanzu | VMware Tanzu pour Valkey sur Kubernetes versions antérieures à 1.1.0 et 2.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.0 et 4.2.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions ant\u00e9rieures \u00e0 6.14.0 et 7.4.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e0 1.31.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 6.x ant\u00e9rieures \u00e0 6.29.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 7.x ant\u00e9rieures \u00e0 7.5.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Valkey sur Kubernetes versions ant\u00e9rieures \u00e0 1.1.0 et 2.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2126"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2024-1580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1580"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-42967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2012-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
},
{
"name": "CVE-2017-17507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17507"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2018-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10126"
},
{
"name": "CVE-2018-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11205"
},
{
"name": "CVE-2018-13866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13866"
},
{
"name": "CVE-2018-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13867"
},
{
"name": "CVE-2018-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13868"
},
{
"name": "CVE-2018-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13869"
},
{
"name": "CVE-2018-13870",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13870"
},
{
"name": "CVE-2018-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13871"
},
{
"name": "CVE-2018-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13872"
},
{
"name": "CVE-2018-13874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13874"
},
{
"name": "CVE-2018-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13875"
},
{
"name": "CVE-2018-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13876"
},
{
"name": "CVE-2018-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14031"
},
{
"name": "CVE-2018-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14033"
},
{
"name": "CVE-2018-14034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14034"
},
{
"name": "CVE-2018-14035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14035"
},
{
"name": "CVE-2018-14460",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14460"
},
{
"name": "CVE-2018-15671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15671"
},
{
"name": "CVE-2018-16438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16438"
},
{
"name": "CVE-2018-17432",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17432"
},
{
"name": "CVE-2018-17433",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17433"
},
{
"name": "CVE-2018-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17434"
},
{
"name": "CVE-2018-17435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17435"
},
{
"name": "CVE-2018-17436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17436"
},
{
"name": "CVE-2018-17437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17437"
},
{
"name": "CVE-2018-17438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17438"
},
{
"name": "CVE-2018-17439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17439"
},
{
"name": "CVE-2019-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20005"
},
{
"name": "CVE-2019-20006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20006"
},
{
"name": "CVE-2019-20007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20007"
},
{
"name": "CVE-2019-20198",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20198"
},
{
"name": "CVE-2019-20199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20199"
},
{
"name": "CVE-2019-20200",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20200"
},
{
"name": "CVE-2019-20201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20201"
},
{
"name": "CVE-2019-20202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20202"
},
{
"name": "CVE-2019-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6988"
},
{
"name": "CVE-2019-8396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8396"
},
{
"name": "CVE-2019-8397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8397"
},
{
"name": "CVE-2019-8398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8398"
},
{
"name": "CVE-2019-9151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9151"
},
{
"name": "CVE-2019-9152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9152"
},
{
"name": "CVE-2020-10809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10809"
},
{
"name": "CVE-2020-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10810"
},
{
"name": "CVE-2020-10811",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10811"
},
{
"name": "CVE-2020-10812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10812"
},
{
"name": "CVE-2020-18232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18232"
},
{
"name": "CVE-2020-18494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18494"
},
{
"name": "CVE-2021-26220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26220"
},
{
"name": "CVE-2021-26221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26221"
},
{
"name": "CVE-2021-26222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26222"
},
{
"name": "CVE-2021-30485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30485"
},
{
"name": "CVE-2021-31229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31229"
},
{
"name": "CVE-2021-31347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31347"
},
{
"name": "CVE-2021-31348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31348"
},
{
"name": "CVE-2021-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31598"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2021-37501",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37501"
},
{
"name": "CVE-2021-45829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45829"
},
{
"name": "CVE-2021-45830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45830"
},
{
"name": "CVE-2021-45832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45832"
},
{
"name": "CVE-2021-45833",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45833"
},
{
"name": "CVE-2021-46242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46242"
},
{
"name": "CVE-2021-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46243"
},
{
"name": "CVE-2021-46244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46244"
},
{
"name": "CVE-2022-25942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25942"
},
{
"name": "CVE-2022-25972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25972"
},
{
"name": "CVE-2022-26061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26061"
},
{
"name": "CVE-2022-30045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30045"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2022-47655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47655"
},
{
"name": "CVE-2023-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0996"
},
{
"name": "CVE-2023-29659",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29659"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2023-6879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6879"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2024-29157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29157"
},
{
"name": "CVE-2024-29158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29158"
},
{
"name": "CVE-2024-29159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29159"
},
{
"name": "CVE-2024-29160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29160"
},
{
"name": "CVE-2024-29161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29161"
},
{
"name": "CVE-2024-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29162"
},
{
"name": "CVE-2024-29163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29163"
},
{
"name": "CVE-2024-29164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29164"
},
{
"name": "CVE-2024-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29165"
},
{
"name": "CVE-2024-29166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29166"
},
{
"name": "CVE-2024-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32605"
},
{
"name": "CVE-2024-32606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32606"
},
{
"name": "CVE-2024-32607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32607"
},
{
"name": "CVE-2024-32608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32608"
},
{
"name": "CVE-2024-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32609"
},
{
"name": "CVE-2024-32610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32610"
},
{
"name": "CVE-2024-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32611"
},
{
"name": "CVE-2024-32612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32612"
},
{
"name": "CVE-2024-32613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32613"
},
{
"name": "CVE-2024-32614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32614"
},
{
"name": "CVE-2024-32615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32615"
},
{
"name": "CVE-2024-32616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32616"
},
{
"name": "CVE-2024-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32617"
},
{
"name": "CVE-2024-32618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32618"
},
{
"name": "CVE-2024-32619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32619"
},
{
"name": "CVE-2024-32620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32620"
},
{
"name": "CVE-2024-32621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32621"
},
{
"name": "CVE-2024-32622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32622"
},
{
"name": "CVE-2024-32623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32623"
},
{
"name": "CVE-2024-32624",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32624"
},
{
"name": "CVE-2024-33873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33873"
},
{
"name": "CVE-2024-33874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33874"
},
{
"name": "CVE-2024-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33875"
},
{
"name": "CVE-2024-33876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33876"
},
{
"name": "CVE-2024-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33877"
},
{
"name": "CVE-2024-34402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34402"
},
{
"name": "CVE-2024-34403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34403"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2024-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46981"
},
{
"name": "CVE-2024-49203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49203"
},
{
"name": "CVE-2024-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5171"
},
{
"name": "CVE-2024-51741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51741"
},
{
"name": "CVE-2024-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52522"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2024-56378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56378"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2024-6716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6716"
},
{
"name": "CVE-2025-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2153"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-23022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23022"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35841",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35841"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35844",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35844"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35843",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35843"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35842",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35842"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35846",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35846"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35849",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35849"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35840",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35840"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35847",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35847"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35839",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35839"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35845",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35845"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35848",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35848"
}
]
}
CERTFR-2026-AVI-0199
Vulnerability from certfr_avis - Published: 2026-02-24 - Updated: 2026-02-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 4.x et 5.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Data Services | Tanzu Data Flow versions antérieures à 2.0.2 sur Tanzu Platform | ||
| VMware | Azure Spring Enterprise | Harbor Registry versions antérieures à 2.14.2 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour MySQL versions 2.0.0 sur Kubernetes | ||
| VMware | Cloud Foundation | Cloud Foundation versions 9.x antérieures à 9.0.2.0 | ||
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à2.3.3 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire versions antérieures à 2.6.1 sur Kubernetes | ||
| VMware | Tanzu Kubernetes Runtime | CredHub Secrets Management pour Tanzu Platform versions antérieures à 1.6.8 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 3.3.1 sur Kubernetes | ||
| VMware | Tanzu Operations Manager | Foundation Core pour Tanzu Platform versions antérieures à 3.2.4 | ||
| VMware | Aria Operations | Aria Operations versions 8.x antérieures à 8.18.6 | ||
| VMware | Tanzu Kubernetes Runtime | cf-mgmt pour Tanzu Platform versions antérieures à 1.0.108 | ||
| VMware | Tanzu Data Intelligence | Tanzu pour Valkey version 9.0.1 | ||
| VMware | Tanzu Kubernetes Runtime | Extended App Support pour Tanzu Platform versions antérieures à 1.0.15 | ||
| VMware | Tanzu Data Intelligence | Tanzu GemFire Management versions antérieures à 1.4.3 | ||
| VMware | Tanzu Kubernetes Runtime | NodeJS Buildpack versions antérieures à 1.8.77 | ||
| VMware | Tanzu Kubernetes Runtime | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.5 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.x et 5.x sans le correctif de sécurité KB92148 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour Tanzu Platform versions antérieures à 10.3.4 | ||
| VMware | Tanzu Kubernetes Runtime | Java Buildpack versions antérieures à 4.89.0 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB428241 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow versions ant\u00e9rieures \u00e0 2.0.2 sur Tanzu Platform",
"product": {
"name": "Tanzu Data Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Harbor Registry versions ant\u00e9rieures \u00e0 2.14.2",
"product": {
"name": "Azure Spring Enterprise",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour MySQL versions 2.0.0 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.2.0",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Metrics versions ant\u00e9rieures \u00e02.3.3",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 2.6.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "CredHub Secrets Management pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.8",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 3.3.1 sur Kubernetes",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Foundation Core pour Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "Tanzu Operations Manager",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.6",
"product": {
"name": "Aria Operations",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "cf-mgmt pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.108",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey version 9.0.1",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.15",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Management versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "Tanzu Data Intelligence",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.77",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB92148",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.89.0",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB428241",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-47219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47219"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2021-42384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2017-16544",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16544"
},
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2021-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2022-24450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2021-42382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
},
{
"name": "CVE-2020-10750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10750"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-40055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
},
{
"name": "CVE-2021-42376",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2025-39876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39876"
},
{
"name": "CVE-2025-40029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
},
{
"name": "CVE-2025-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38561"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-40048",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-40043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2025-59775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2018-1000517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000517"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-39943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-40019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-40081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-58011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-40026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
},
{
"name": "CVE-2025-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2025-40121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
},
{
"name": "CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2025-55753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-40204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
},
{
"name": "CVE-2025-40171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2025-39911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39911"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10543"
},
{
"name": "CVE-2025-40125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
},
{
"name": "CVE-2025-40349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40349"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2019-5481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
},
{
"name": "CVE-2025-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26646"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-29222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29222"
},
{
"name": "CVE-2025-40187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2025-39913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-40115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2021-42386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-29190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29190"
},
{
"name": "CVE-2025-40173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2024-56538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
},
{
"name": "CVE-2025-39923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39923"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2018-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20679"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2025-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2021-38297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2017-15873",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15873"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2025-40194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2025-40001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
},
{
"name": "CVE-2026-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2025-40035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2025-39988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
},
{
"name": "CVE-2026-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22719"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2022-39399",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39399"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-38584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
},
{
"name": "CVE-2021-42374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2025-40020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2025-40188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-66200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2021-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2023-34231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
},
{
"name": "CVE-2026-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-65637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2023-47090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47090"
},
{
"name": "CVE-2025-40049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2025-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
},
{
"name": "CVE-2022-29946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29946"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2025-40205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-40027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
},
{
"name": "CVE-2025-39885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39885"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-30215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30215"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22036"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-28391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-40109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
},
{
"name": "CVE-2025-40006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2022-26652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26652"
},
{
"name": "CVE-2025-40011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2023-42365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
},
{
"name": "CVE-2025-40231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40231"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2021-42379",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2025-23143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2025-65082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2025-40183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
},
{
"name": "CVE-2021-42381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2025-40134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
},
{
"name": "CVE-2017-15874",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15874"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-39986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2025-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2025-40078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-40116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
},
{
"name": "CVE-2025-68249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68249"
},
{
"name": "CVE-2026-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2025-40179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
},
{
"name": "CVE-2025-40127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-39996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2026-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22721"
},
{
"name": "CVE-2025-40053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2025-39951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2025-40120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2022-48174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-5025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2023-42364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2025-40118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-40021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2019-5747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5747"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-40044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2018-1000500",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000500"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-26014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26014"
},
{
"name": "CVE-2021-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
},
{
"name": "CVE-2025-40112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2025-40154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2021-42385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2025-40126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2025-38236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-40124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
},
{
"name": "CVE-2025-39880",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39880"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2026-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-40068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
},
{
"name": "CVE-2025-40042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2026-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2026-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21947"
},
{
"name": "CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-60876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"name": "CVE-2025-11065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2026-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
},
{
"name": "CVE-2025-4947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
},
{
"name": "CVE-2025-40178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-39869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39869"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2023-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22006"
},
{
"name": "CVE-2019-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2026-1489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2025-8732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2026-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22720"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-42363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2025-40346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40346"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-40030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-39995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2025-39907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39907"
},
{
"name": "CVE-2023-42366",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2025-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2024-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2026-22703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22703"
},
{
"name": "CVE-2026-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-39873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39873"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2022-29189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29189"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2025-40351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40351"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
},
{
"name": "CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
}
],
"initial_release_date": "2026-02-24T00:00:00",
"last_revision_date": "2026-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0199",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37012",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37012"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37001",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37001"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37013",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37013"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37003",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37003"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37023",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37023"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37017",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37017"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37006",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37006"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37024",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37024"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36997",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36997"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37004",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37004"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36947",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37018",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37018"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37005",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37005"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37008",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37008"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37007",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37007"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37020",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37020"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36998",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36998"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37002",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37002"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37021",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37021"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37022",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37022"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37016",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37016"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37019",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37019"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37010",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37010"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37009",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37009"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37000",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37000"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37011",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37011"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37015",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37015"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37014",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37014"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36999",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36999"
}
]
}
CERTFR-2025-AVI-0352
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.40",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.104",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0352",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.104",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.104"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.40",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.40"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.6",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.6"
}
]
}
CERTFR-2025-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Gemfire | Tanzu GemFire Management Console versions antérieures à 1.4.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 7.5.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire Management Console versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 7.5.4",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36085"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36086"
}
]
}
CERTFR-2026-AVI-0281
Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk AppDynamics On-Premises Enterprise Console | Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x antérieures à 26.1.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.12 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.124 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.9 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.1 | ||
| Splunk | Splunk AppDynamics NodeJS Agent | Splunk AppDynamics NodeJS Agent versions 25.12.x antérieures à 25.12.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.4 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.10 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.17 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions 26.1.x antérieures à 26.1.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk AppDynamics Private Synthetic Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics On-Premises Enterprise Console versions 26.1.x ant\u00e9rieures \u00e0 26.1.1",
"product": {
"name": "Splunk AppDynamics On-Premises Enterprise Console",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.12",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.124",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.9",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics NodeJS Agent versions 25.12.x ant\u00e9rieures \u00e0 25.12.1",
"product": {
"name": "Splunk AppDynamics NodeJS Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.4",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.10",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.17",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions 26.1.x ant\u00e9rieures \u00e0 26.1.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.7",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2018-16864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16864"
},
{
"name": "CVE-2025-48073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48073"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-11219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11219"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1594"
},
{
"name": "CVE-2025-3887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3887"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2025-4574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4574"
},
{
"name": "CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"name": "CVE-2025-12433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12433"
},
{
"name": "CVE-2025-12444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12444"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2025-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11213"
},
{
"name": "CVE-2025-8556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-12036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12036"
},
{
"name": "CVE-2012-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0871"
},
{
"name": "CVE-2025-4056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4056"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2025-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0518"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2025-12438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12438"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2025-12435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12435"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2013-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4394"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2025-64183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64183"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-47808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47808"
},
{
"name": "CVE-2021-46877",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2017-18078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18078"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2025-11207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11207"
},
{
"name": "CVE-2021-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35939"
},
{
"name": "CVE-2025-13223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13223"
},
{
"name": "CVE-2025-12431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12431"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"name": "CVE-2026-21226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21226"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12445"
},
{
"name": "CVE-2025-12437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12437"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2025-69230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69230"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-0716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0716"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-12434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12434"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-12439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12439"
},
{
"name": "CVE-2018-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16865"
},
{
"name": "CVE-2025-14874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14874"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2024-54677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54677"
},
{
"name": "CVE-2025-48072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48072"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-12432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12432"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-10966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2026-20165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20165"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2025-22919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22919"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-48964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
},
{
"name": "CVE-2025-12443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12443"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"name": "CVE-2023-6602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6602"
},
{
"name": "CVE-2025-11215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11215"
},
{
"name": "CVE-2013-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4393"
},
{
"name": "CVE-2019-3842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
},
{
"name": "CVE-2025-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11205"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2025-11208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11208"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-8372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8372"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-3360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11756"
},
{
"name": "CVE-2025-59730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59730"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11212"
},
{
"name": "CVE-2025-12495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12495"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2021-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35937"
},
{
"name": "CVE-2025-12840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12840"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-11458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11458"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-12429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12429"
},
{
"name": "CVE-2026-20164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20164"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-11211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11211"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-59250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59250"
},
{
"name": "CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2025-47807",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47807"
},
{
"name": "CVE-2025-47806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47806"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-64182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64182"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2023-6604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6604"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2017-9217",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9217"
},
{
"name": "CVE-2025-60753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60753"
},
{
"name": "CVE-2025-64181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64181"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-12436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12436"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2013-4327",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4327"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-12446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12446"
},
{
"name": "CVE-2025-13228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13228"
},
{
"name": "CVE-2013-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4391"
},
{
"name": "CVE-2026-20166",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20166"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-12441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12441"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-47183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2023-6601",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6601"
},
{
"name": "CVE-2018-16888",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16888"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2025-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13224"
},
{
"name": "CVE-2025-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13042"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2025-11460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11460"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-13229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13229"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2025-12440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12440"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2025-11216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11216"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2018-1049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1049"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-11210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11210"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-10256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10256"
},
{
"name": "CVE-2026-20162",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20162"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-12839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12839"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2019-3844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3844"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2023-6605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6605"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2025-12430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12430"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-11206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11206"
},
{
"name": "CVE-2025-62408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62408"
},
{
"name": "CVE-2018-15686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15686"
},
{
"name": "CVE-2021-35938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35938"
},
{
"name": "CVE-2025-9951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9951"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2025-59729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59729"
},
{
"name": "CVE-2025-48071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48071"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2025-69224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69224"
},
{
"name": "CVE-2025-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2759"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2024-8373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8373"
},
{
"name": "CVE-2025-11209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11209"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21490"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-49501",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49501"
},
{
"name": "CVE-2019-3843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3843"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2026-26981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26981"
},
{
"name": "CVE-2025-12447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12447"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2013-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4392"
},
{
"name": "CVE-2025-48074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48074"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2016-7795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7795"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-12428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12428"
},
{
"name": "CVE-2026-20163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20163"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0281",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0302",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0311",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0311"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0308",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0308"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0309",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0309"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0305",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0305"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0310",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0310"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0304",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0304"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0301",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0301"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0313",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0313"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0306",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0306"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0303",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0303"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0307",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0307"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0312",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0312"
}
]
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
CERTFR-2025-AVI-0524
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.8.0 | ||
| VMware | Tanzu | Tanzu Data Lake versions antérieures à 1.1.0 | ||
| VMware | Tanzu | Tanzu pour Postgres sur Kubernetes versions antérieures à 4.1.0 et 4.2.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions antérieures à 6.14.0 et 7.4.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à 1.31.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 6.x antérieures à 6.29.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 7.x antérieures à 7.5.0 | ||
| VMware | Tanzu | VMware Tanzu pour Valkey sur Kubernetes versions antérieures à 1.1.0 et 2.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.0 et 4.2.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions ant\u00e9rieures \u00e0 6.14.0 et 7.4.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e0 1.31.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 6.x ant\u00e9rieures \u00e0 6.29.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 7.x ant\u00e9rieures \u00e0 7.5.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Valkey sur Kubernetes versions ant\u00e9rieures \u00e0 1.1.0 et 2.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2126"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2024-1580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1580"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-42967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2012-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
},
{
"name": "CVE-2017-17507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17507"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2018-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10126"
},
{
"name": "CVE-2018-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11205"
},
{
"name": "CVE-2018-13866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13866"
},
{
"name": "CVE-2018-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13867"
},
{
"name": "CVE-2018-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13868"
},
{
"name": "CVE-2018-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13869"
},
{
"name": "CVE-2018-13870",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13870"
},
{
"name": "CVE-2018-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13871"
},
{
"name": "CVE-2018-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13872"
},
{
"name": "CVE-2018-13874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13874"
},
{
"name": "CVE-2018-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13875"
},
{
"name": "CVE-2018-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13876"
},
{
"name": "CVE-2018-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14031"
},
{
"name": "CVE-2018-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14033"
},
{
"name": "CVE-2018-14034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14034"
},
{
"name": "CVE-2018-14035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14035"
},
{
"name": "CVE-2018-14460",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14460"
},
{
"name": "CVE-2018-15671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15671"
},
{
"name": "CVE-2018-16438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16438"
},
{
"name": "CVE-2018-17432",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17432"
},
{
"name": "CVE-2018-17433",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17433"
},
{
"name": "CVE-2018-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17434"
},
{
"name": "CVE-2018-17435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17435"
},
{
"name": "CVE-2018-17436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17436"
},
{
"name": "CVE-2018-17437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17437"
},
{
"name": "CVE-2018-17438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17438"
},
{
"name": "CVE-2018-17439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17439"
},
{
"name": "CVE-2019-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20005"
},
{
"name": "CVE-2019-20006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20006"
},
{
"name": "CVE-2019-20007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20007"
},
{
"name": "CVE-2019-20198",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20198"
},
{
"name": "CVE-2019-20199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20199"
},
{
"name": "CVE-2019-20200",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20200"
},
{
"name": "CVE-2019-20201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20201"
},
{
"name": "CVE-2019-20202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20202"
},
{
"name": "CVE-2019-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6988"
},
{
"name": "CVE-2019-8396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8396"
},
{
"name": "CVE-2019-8397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8397"
},
{
"name": "CVE-2019-8398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8398"
},
{
"name": "CVE-2019-9151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9151"
},
{
"name": "CVE-2019-9152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9152"
},
{
"name": "CVE-2020-10809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10809"
},
{
"name": "CVE-2020-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10810"
},
{
"name": "CVE-2020-10811",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10811"
},
{
"name": "CVE-2020-10812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10812"
},
{
"name": "CVE-2020-18232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18232"
},
{
"name": "CVE-2020-18494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18494"
},
{
"name": "CVE-2021-26220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26220"
},
{
"name": "CVE-2021-26221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26221"
},
{
"name": "CVE-2021-26222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26222"
},
{
"name": "CVE-2021-30485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30485"
},
{
"name": "CVE-2021-31229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31229"
},
{
"name": "CVE-2021-31347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31347"
},
{
"name": "CVE-2021-31348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31348"
},
{
"name": "CVE-2021-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31598"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2021-37501",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37501"
},
{
"name": "CVE-2021-45829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45829"
},
{
"name": "CVE-2021-45830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45830"
},
{
"name": "CVE-2021-45832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45832"
},
{
"name": "CVE-2021-45833",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45833"
},
{
"name": "CVE-2021-46242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46242"
},
{
"name": "CVE-2021-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46243"
},
{
"name": "CVE-2021-46244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46244"
},
{
"name": "CVE-2022-25942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25942"
},
{
"name": "CVE-2022-25972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25972"
},
{
"name": "CVE-2022-26061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26061"
},
{
"name": "CVE-2022-30045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30045"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2022-47655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47655"
},
{
"name": "CVE-2023-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0996"
},
{
"name": "CVE-2023-29659",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29659"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2023-6879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6879"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2024-29157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29157"
},
{
"name": "CVE-2024-29158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29158"
},
{
"name": "CVE-2024-29159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29159"
},
{
"name": "CVE-2024-29160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29160"
},
{
"name": "CVE-2024-29161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29161"
},
{
"name": "CVE-2024-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29162"
},
{
"name": "CVE-2024-29163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29163"
},
{
"name": "CVE-2024-29164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29164"
},
{
"name": "CVE-2024-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29165"
},
{
"name": "CVE-2024-29166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29166"
},
{
"name": "CVE-2024-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32605"
},
{
"name": "CVE-2024-32606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32606"
},
{
"name": "CVE-2024-32607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32607"
},
{
"name": "CVE-2024-32608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32608"
},
{
"name": "CVE-2024-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32609"
},
{
"name": "CVE-2024-32610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32610"
},
{
"name": "CVE-2024-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32611"
},
{
"name": "CVE-2024-32612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32612"
},
{
"name": "CVE-2024-32613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32613"
},
{
"name": "CVE-2024-32614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32614"
},
{
"name": "CVE-2024-32615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32615"
},
{
"name": "CVE-2024-32616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32616"
},
{
"name": "CVE-2024-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32617"
},
{
"name": "CVE-2024-32618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32618"
},
{
"name": "CVE-2024-32619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32619"
},
{
"name": "CVE-2024-32620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32620"
},
{
"name": "CVE-2024-32621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32621"
},
{
"name": "CVE-2024-32622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32622"
},
{
"name": "CVE-2024-32623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32623"
},
{
"name": "CVE-2024-32624",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32624"
},
{
"name": "CVE-2024-33873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33873"
},
{
"name": "CVE-2024-33874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33874"
},
{
"name": "CVE-2024-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33875"
},
{
"name": "CVE-2024-33876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33876"
},
{
"name": "CVE-2024-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33877"
},
{
"name": "CVE-2024-34402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34402"
},
{
"name": "CVE-2024-34403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34403"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2024-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46981"
},
{
"name": "CVE-2024-49203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49203"
},
{
"name": "CVE-2024-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5171"
},
{
"name": "CVE-2024-51741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51741"
},
{
"name": "CVE-2024-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52522"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2024-56378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56378"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2024-6716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6716"
},
{
"name": "CVE-2025-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2153"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-23022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23022"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35841",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35841"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35844",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35844"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35843",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35843"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35842",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35842"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35846",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35846"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35849",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35849"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35840",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35840"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35847",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35847"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35839",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35839"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35845",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35845"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35848",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35848"
}
]
}
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 | ||
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
CERTFR-2025-AVI-0352
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.40",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.104",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0352",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.104",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.104"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.40",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.40"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.6",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.6"
}
]
}
CERTFR-2025-AVI-0530
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.0.x antérieures à 6.2.0.5 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP12 IF02 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.0.x antérieures à 6.2.0.5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP12 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-33117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33117"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2025-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33121"
},
{
"name": "CVE-2020-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13790"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-36050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36050"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0530",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237159",
"url": "https://www.ibm.com/support/pages/node/7237159"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237316",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237317",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
]
}
CERTFR-2025-AVI-0530
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.0.x antérieures à 6.2.0.5 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP12 IF02 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.0.x antérieures à 6.2.0.5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling File Gateway versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP12 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.5",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-33117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33117"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53150"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2025-33121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33121"
},
{
"name": "CVE-2020-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13790"
},
{
"name": "CVE-2024-40906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40906"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53141"
},
{
"name": "CVE-2024-53241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53241"
},
{
"name": "CVE-2025-36050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36050"
},
{
"name": "CVE-2024-43842",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43842"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2022-49011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49011"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0530",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237159",
"url": "https://www.ibm.com/support/pages/node/7237159"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237316",
"url": "https://www.ibm.com/support/pages/node/7237316"
},
{
"published_at": "2025-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237317",
"url": "https://www.ibm.com/support/pages/node/7237317"
}
]
}
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 | ||
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
CERTFR-2025-AVI-0754
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Gemfire | Tanzu GemFire Management Console versions antérieures à 1.4.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 7.5.4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire Management Console versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 7.5.4",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0094",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36085"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 VMware TNZ-2025-0095",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36086"
}
]
}
CERTFR-2025-AVI-0585
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2023-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
},
{
"name": "CVE-2022-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
},
{
"name": "CVE-2022-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2022-2874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-25317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2023-48237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
},
{
"name": "CVE-2022-2344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
},
{
"name": "CVE-2023-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
},
{
"name": "CVE-2022-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
},
{
"name": "CVE-2023-7216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
},
{
"name": "CVE-2024-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
},
{
"name": "CVE-2022-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
},
{
"name": "CVE-2022-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
},
{
"name": "CVE-2023-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
},
{
"name": "CVE-2022-2287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
},
{
"name": "CVE-2022-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
},
{
"name": "CVE-2022-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
},
{
"name": "CVE-2022-2862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
},
{
"name": "CVE-2022-2889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2020-12413",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2023-48235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
},
{
"name": "CVE-2023-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
},
{
"name": "CVE-2024-43374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
},
{
"name": "CVE-2023-4781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
},
{
"name": "CVE-2023-48231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
},
{
"name": "CVE-2023-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
},
{
"name": "CVE-2022-3324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
},
{
"name": "CVE-2022-2257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
},
{
"name": "CVE-2024-45306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
},
{
"name": "CVE-2023-4751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2023-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2015-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
},
{
"name": "CVE-2023-48233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
},
{
"name": "CVE-2022-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
},
{
"name": "CVE-2022-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
},
{
"name": "CVE-2024-29040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
},
{
"name": "CVE-2017-1000383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
},
{
"name": "CVE-2025-47268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
},
{
"name": "CVE-2022-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2022-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
},
{
"name": "CVE-2022-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
},
{
"name": "CVE-2023-1264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
},
{
"name": "CVE-2022-4293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
},
{
"name": "CVE-2025-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
},
{
"name": "CVE-2022-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
},
{
"name": "CVE-2021-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-3256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2022-2343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
},
{
"name": "CVE-2022-2849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
},
{
"name": "CVE-2022-2980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
},
{
"name": "CVE-2024-41965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
},
{
"name": "CVE-2022-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
},
{
"name": "CVE-2023-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
},
{
"name": "CVE-2022-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
},
{
"name": "CVE-2022-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2022-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
},
{
"name": "CVE-2023-48236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-47814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
},
{
"name": "CVE-2022-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2022-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2022-2286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2022-3352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
},
{
"name": "CVE-2023-0054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
},
{
"name": "CVE-2025-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
},
{
"name": "CVE-2025-24014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2022-3296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
},
{
"name": "CVE-2021-45261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
},
{
"name": "CVE-2022-2345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
},
{
"name": "CVE-2022-2210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
},
{
"name": "CVE-2022-1725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-4735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
},
{
"name": "CVE-2023-4734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
},
{
"name": "CVE-2023-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
},
{
"name": "CVE-2025-29768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
},
{
"name": "CVE-2022-1620",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
},
{
"name": "CVE-2023-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
},
{
"name": "CVE-2022-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2022-4292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-22134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
},
{
"name": "CVE-2025-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
},
{
"name": "CVE-2023-48232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
},
{
"name": "CVE-2022-2522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
},
{
"name": "CVE-2022-2129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
},
{
"name": "CVE-2023-48234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-46246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2024-43802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2023-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
},
{
"name": "CVE-2025-52968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
},
{
"name": "CVE-2022-3037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
},
{
"name": "CVE-2022-1674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
},
{
"name": "CVE-2022-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
},
{
"name": "CVE-2022-2206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
},
{
"name": "CVE-2023-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
},
{
"name": "CVE-2022-1619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2022-4141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
},
{
"name": "CVE-2022-3099",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2023-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
},
{
"name": "CVE-2023-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2022-2125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
},
{
"name": "CVE-2022-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2023-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
},
{
"published_at": "2025-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
}
]
}
GHSA-FF77-26X5-69CR
Vulnerability from github – Published: 2025-04-28 21:30 – Updated: 2025-11-03 22:56
VLAI?
Summary
Apache Tomcat Rewrite rule bypass
Details
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6, which fix the issue.
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.102"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.76"
},
{
"fixed": "9.0.104"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.10"
},
{
"fixed": "10.1.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M2"
},
{
"fixed": "11.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.102"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.76"
},
{
"fixed": "9.0.104"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.10"
},
{
"fixed": "10.1.40"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M2"
},
{
"fixed": "11.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"last_affected": "8.5.100"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-31651"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-150"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-29T15:03:25Z",
"nvd_published_at": "2025-04-28T20:15:20Z",
"severity": "LOW"
},
"details": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6, which fix the issue.",
"id": "GHSA-ff77-26x5-69cr",
"modified": "2025-11-03T22:56:57Z",
"published": "2025-04-28T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Apache Tomcat Rewrite rule bypass"
}
SUSE-SU-2025:01882-1
Vulnerability from csaf_suse - Published: 2025-06-11 05:42 - Updated: 2025-06-11 05:42Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2025-31651: Better handling of URLs with literal ';' and '?'
(bsc#1242009).
Patchnames: SUSE-2025-1882,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1882
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2025-31651: Better handling of URLs with literal \u0027;\u0027 and \u0027?\u0027\n (bsc#1242009).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1882,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1882",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01882-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01882-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501882-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01882-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040227.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242009",
"url": "https://bugzilla.suse.com/1242009"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-06-11T05:42:17Z",
"generator": {
"date": "2025-06-11T05:42:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01882-1",
"initial_release_date": "2025-06-11T05:42:17Z",
"revision_history": [
{
"date": "2025-06-11T05:42:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.142.1.noarch",
"product_id": "tomcat-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.142.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.142.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.142.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.142.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.142.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.142.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.142.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.142.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.142.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.142.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.142.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-11T05:42:17Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
SUSE-SU-2025:1521-1
Vulnerability from csaf_suse - Published: 2025-05-09 04:56 - Updated: 2025-05-09 04:56Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.104
- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
Full changelog:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm
Patchnames: SUSE-2025-1521,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1521,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1521,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1521,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1521,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1521,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1521,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1521,SUSE-Storage-7.1-2025-1521,openSUSE-SLE-15.6-2025-1521
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.104\n\n- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)\n- CVE-2025-31651: Better handling of URLs with literal \u0027;\u0027 and \u0027?\u0027 (bsc#1242009)\n\nFull changelog: \n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.htm\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1521,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1521,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1521,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1521,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1521,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1521,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1521,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1521,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1521,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1521,SUSE-Storage-7.1-2025-1521,openSUSE-SLE-15.6-2025-1521",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1521-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1521-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251521-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1521-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020814.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242008",
"url": "https://bugzilla.suse.com/1242008"
},
{
"category": "self",
"summary": "SUSE Bug 1242009",
"url": "https://bugzilla.suse.com/1242009"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-05-09T04:56:27Z",
"generator": {
"date": "2025-05-09T04:56:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1521-1",
"initial_release_date": "2025-05-09T04:56:27Z",
"revision_history": [
{
"date": "2025-05-09T04:56:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-embed-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-embed-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-javadoc-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-jsvc-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-lib-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-webapps-9.0.104-150200.81.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-embed-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-09T04:56:27Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-09T04:56:27Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
SUSE-SU-2025:01521-1
Vulnerability from csaf_suse - Published: 2025-05-29 14:04 - Updated: 2025-05-29 14:04Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.104
- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
Full changelog:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm
Patchnames: SUSE-2025-1521,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1521
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.104\n\n- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)\n- CVE-2025-31651: Better handling of URLs with literal \u0027;\u0027 and \u0027?\u0027 (bsc#1242009)\n\nFull changelog: \n\nhttps://tomcat.apache.org/tomcat-9.0-doc/changelog.htm\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1521,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1521",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01521-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01521-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501521-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01521-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039407.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242008",
"url": "https://bugzilla.suse.com/1242008"
},
{
"category": "self",
"summary": "SUSE Bug 1242009",
"url": "https://bugzilla.suse.com/1242009"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-05-29T14:04:09Z",
"generator": {
"date": "2025-05-29T14:04:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01521-1",
"initial_release_date": "2025-05-29T14:04:09Z",
"revision_history": [
{
"date": "2025-05-29T14:04:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-embed-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-embed-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-javadoc-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-jsvc-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-lib-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"product_id": "tomcat-webapps-9.0.104-150200.81.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-lib-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.104-150200.81.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.104-150200.81.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T14:04:09Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.104-150200.81.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.104-150200.81.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T14:04:09Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
SUSE-SU-2025:1537-1
Vulnerability from csaf_suse - Published: 2025-05-13 02:49 - Updated: 2025-05-13 02:49Summary
Security update for tomcat10
Severity
Important
Notes
Title of the patch: Security update for tomcat10
Description of the patch: This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.40
- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
Full changelog:
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html
Patchnames: SUSE-2025-1537,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1537,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1537,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1537,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1537,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1537,openSUSE-SLE-15.6-2025-1537
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.40\n\n- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)\n- CVE-2025-31651: Better handling of URLs with literal \u0027;\u0027 and \u0027?\u0027 (bsc#1242009)\n \nFull changelog:\n\nhttps://tomcat.apache.org/tomcat-10.1-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1537,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-1537,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1537,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1537,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1537,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1537,openSUSE-SLE-15.6-2025-1537",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1537-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1537-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251537-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1537-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039204.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242008",
"url": "https://bugzilla.suse.com/1242008"
},
{
"category": "self",
"summary": "SUSE Bug 1242009",
"url": "https://bugzilla.suse.com/1242009"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-05-13T02:49:09Z",
"generator": {
"date": "2025-05-13T02:49:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1537-1",
"initial_release_date": "2025-05-13T02:49:09Z",
"revision_history": [
{
"date": "2025-05-13T02:49:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-doc-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-embed-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-lib-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T02:49:09Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T02:49:09Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
SUSE-SU-2025:01537-1
Vulnerability from csaf_suse - Published: 2025-05-29 09:04 - Updated: 2025-05-29 09:04Summary
Security update for tomcat10
Severity
Important
Notes
Title of the patch: Security update for tomcat10
Description of the patch: This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.40
- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)
- CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009)
Full changelog:
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html
Patchnames: SUSE-2025-1537,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1537
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.40\n\n- CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008)\n- CVE-2025-31651: Better handling of URLs with literal \u0027;\u0027 and \u0027?\u0027 (bsc#1242009)\n \nFull changelog:\n\nhttps://tomcat.apache.org/tomcat-10.1-doc/changelog.html\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1537,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1537",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01537-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01537-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501537-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01537-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039399.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242008",
"url": "https://bugzilla.suse.com/1242008"
},
{
"category": "self",
"summary": "SUSE Bug 1242009",
"url": "https://bugzilla.suse.com/1242009"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31650 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-05-29T09:04:24Z",
"generator": {
"date": "2025-05-29T09:04:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01537-1",
"initial_release_date": "2025-05-29T09:04:24Z",
"revision_history": [
{
"date": "2025-05-29T09:04:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-doc-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-embed-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-jsvc-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-lib-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"product_id": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.40-150200.5.40.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31650"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.\n\nThis issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.90 though 8.5.100.\n\n\nUsers are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31650",
"url": "https://www.suse.com/security/cve/CVE-2025-31650"
},
{
"category": "external",
"summary": "SUSE Bug 1242008 for CVE-2025-31650",
"url": "https://bugzilla.suse.com/1242008"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-31650"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.40-150200.5.40.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.40-150200.5.40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-29T09:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
bit-tomcat-2025-31651
Vulnerability from bitnami_vulndb
Published
2025-07-10 10:46
Modified
2026-03-20 12:05
Summary
Apache Tomcat: Bypass of rules in Rewrite Valve
Details
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0 through 11.0.5, from 10.1.0 through 10.1.39, from 9.0.0 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "tomcat",
"purl": "pkg:bitnami/tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.104"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.1.40"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.6"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-31651"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
],
"severity": "Critical"
},
"details": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0 through 11.0.5, from 10.1.0 through 10.1.39, from 9.0.0 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"id": "BIT-tomcat-2025-31651",
"modified": "2026-03-20T12:05:40.000Z",
"published": "2025-07-10T10:46:54.240Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/3"
},
{
"type": "WEB",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
}
],
"schema_version": "1.6.2",
"summary": "Apache Tomcat: Bypass of rules in Rewrite Valve"
}
CNVD-2025-10031
Vulnerability from cnvd - Published: 2025-05-19
VLAI Severity ?
Title
Apache Tomcat输入验证错误漏洞(CNVD-2025-10031)
Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。
Apache Tomcat存在输入验证错误漏洞,该漏洞源于转义、元或控制序列中和不当,攻击者可利用该漏洞导致安全约束绕过。
Severity
高
Patch Name
Apache Tomcat输入验证错误漏洞(CNVD-2025-10031)的补丁
Patch Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。
Apache Tomcat存在输入验证错误漏洞,该漏洞源于转义、元或控制序列中和不当,攻击者可利用该漏洞导致安全约束绕过。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tomcat.apache.org/security-11.html
Reference
http://www.openwall.com/lists/oss-security/2025/04/28/3
Impacted products
| Name | ['Apache Tomcat >=9.0.0,<9.0.104', 'Apache Tomcat >=10.1.0,<10.1.40', 'Apache Tomcat >=11.0.0,<11.0.6'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-31651",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
}
},
"description": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\n\nApache Tomcat\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6c\u4e49\u3001\u5143\u6216\u63a7\u5236\u5e8f\u5217\u4e2d\u548c\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5b89\u5168\u7ea6\u675f\u7ed5\u8fc7\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tomcat.apache.org/security-11.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-10031",
"openTime": "2025-05-19",
"patchDescription": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\u3002\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\r\n\r\nApache Tomcat\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f6c\u4e49\u3001\u5143\u6216\u63a7\u5236\u5e8f\u5217\u4e2d\u548c\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5b89\u5168\u7ea6\u675f\u7ed5\u8fc7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Tomcat\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-10031\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Tomcat \u003e=9.0.0\uff0c\u003c9.0.104",
"Apache Tomcat \u003e=10.1.0\uff0c\u003c10.1.40",
"Apache Tomcat \u003e=11.0.0\uff0c\u003c11.0.6"
]
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2025/04/28/3",
"serverity": "\u9ad8",
"submitTime": "2025-05-07",
"title": "Apache Tomcat\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2025-10031\uff09"
}
FKIE_CVE-2025-31651
Vulnerability from fkie_nvd - Published: 2025-04-28 20:15 - Updated: 2025-11-03 20:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible
for a specially crafted request to bypass some rewrite rules. If those
rewrite rules effectively enforced security constraints, those
constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/list.html?announce@tomcat.apache.org | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/04/28/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB09D245-9455-444D-8265-743642DD53C9",
"versionEndExcluding": "9.0.104",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BD6C26-75CE-4DDC-BF4D-5A5187BD4CAF",
"versionEndExcluding": "10.1.40",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9331B3B3-C3C4-4D12-BE11-043F6614B2D3",
"versionEndExcluding": "11.0.6",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias de escape, metadatos o de control en Apache Tomcat. En un subconjunto de configuraciones improbables de reglas de reescritura, una solicitud especialmente manipulada pod\u00eda eludir algunas reglas de reescritura. Si dichas reglas aplicaban restricciones de seguridad de forma eficaz, estas pod\u00edan eludirse. Este problema afecta a Apache Tomcat: de la 11.0.0-M1 a la 11.0.5, de la 10.1.0-M1 a la 10.1.39 y de la 9.0.0.M1 a la 9.0.102. Se recomienda a los usuarios actualizar a la versi\u00f3n [FIXED_VERSION], que soluciona el problema."
}
],
"id": "CVE-2025-31651",
"lastModified": "2025-11-03T20:18:25.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-28T20:15:20.783",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…