CVE-2025-55668 (GCVE-0-2025-55668)
Vulnerability from cvelistv5 – Published: 2025-08-13 13:21 – Updated: 2025-11-04 21:13 – CWE-384 - Session Fixation
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat | Affected: 11.0.0-M1 , ≤ 11.0.7 (semver) Affected: 10.1.0-M1 , ≤ 10.1.41 (semver) Affected: 9.0.0.M1 , ≤ 9.0.105 (semver) Unknown: 8 , < 9.0.0.M1 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T13:38:12.498649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T13:39:26.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:09.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.7",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.41",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.105",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThan": "9.0.0.M1",
"status": "unknown",
"version": "8",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Greg K (https://github.com/gregk4sec)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSession Fixation vulnerability in Apache Tomcat via rewrite valve.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\u003cbr\u003eOlder, EOL versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e"
}
],
"value": "Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:39:30.355Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: session fixation via rewrite valve",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-55668",
"datePublished": "2025-08-13T13:21:35.743Z",
"dateReserved": "2025-08-13T12:16:36.881Z",
"dateUpdated": "2025-11-04T21:13:09.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-55668",
"date": "2026-06-05",
"epss": "0.00019",
"percentile": "0.05317"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55668\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-08-13T14:15:33.330\",\"lastModified\":\"2025-11-04T22:16:30.550\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Session Fixation vulnerability in Apache Tomcat via rewrite valve.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\\nOlder, EOL versions may also be affected.\\n\\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Apache Tomcat mediante una v\u00e1lvula de reescritura. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.7, de 10.1.0-M1 a 10.1.41, y de 9.0.0.M1 a 9.0.105. Las versiones anteriores al final de su vida \u00fatil tambi\u00e9n pueden verse afectadas. Se recomienda actualizar a las versiones 11.0.8, 10.1.42 o 9.0.106, que solucionan el 
problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.1\",\"versionEndExcluding\":\"9.0.106\",\"matchCriteriaId\":\"6D612584-5CB2-48F6-A969-0016A419FCB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.1.42\",\"matchCriteriaId\":\"B331712D-D798-4901-AE46-C9B57379410A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.8\",\"matchCriteriaId\":\"EE393E87-D325-4ABB-B49C-5863ECD3DD83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B129B2-FB6F-4EF9-BF12-E589A87996CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6787B6-54A8-475E-BA1C-AB99334B2535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EABB6F
BC-7486-44D5-A6AD-FFF1D3F677E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6DA0BE-908C-4DA8-A191-A0113235E99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"39029C72-28B4-46A4-BFF5-EC822CFB2A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C533C-0833-41D5-99B6-17A4FAB3CAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3768C60-21FA-4B92-B98C-C3A2602D1BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F542E12-6BA8-4504-A494-DA83E7E19BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2409CC7-6A85-4A66-A457-0D62B9895DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF411DDA-2601-449A-9046-D250419A0E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4FB
F97-DE16-4E5E-BE19-471E01818D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B266B1E-24B5-47EE-A421-E0E3CC0C7471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*\",\"matchCriteriaId\":\"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AAF4DF-F61D-47A8-8788-A21E317A145D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0686F977-889F-4960-8E0B-7784B73A7F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"558703AE-DB5E-4DFF-B497-C36694DD7B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6273F2-1165-47A4-8DD7-9E9B2472941B\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:13:09.014Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55668\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T13:38:12.498649Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T13:38:57.635Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: session fixation via rewrite valve\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Greg K (https://github.com/gregk4sec)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.7\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.41\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", 
\"lessThanOrEqual\": \"9.0.105\"}, {\"status\": \"unknown\", \"version\": \"8\", \"lessThan\": \"9.0.0.M1\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Session Fixation vulnerability in Apache Tomcat via rewrite valve.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\\nOlder, EOL versions may also be affected.\\n\\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eSession Fixation vulnerability in Apache Tomcat via rewrite valve.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\u003cbr\u003eOlder, EOL versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-384\", \"description\": \"CWE-384 Session Fixation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:39:30.355Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55668\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:13:09.014Z\", \"dateReserved\": \"2025-08-13T12:16:36.881Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-08-13T13:21:35.743Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0322
Vulnerability from certfr_avis - Published: 2026-03-20 - Updated: 2026-03-20
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu GemFire C++ et .NET Framework Clients versions antérieures à 10.4.8 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 4.1.10 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.2.5 | ||
| VMware | Tanzu | Tanzu GemFire Session Management versions antérieures à 1.1.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire Search versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 4.0.19 | ||
| VMware | Tanzu | Tanzu GemFire sur Kubernetes versions antérieures à 2.6.2 | ||
| VMware | Tanzu | Tanzu RabbitMQ sur Kubernetes versions antérieures à 3.13.14 | ||
| VMware | Tanzu | Tanzu GemFire versions antérieures à 10.0.8 | ||
| VMware | Tanzu | Tanzu GemFire Vector Database versions antérieures à 1.2.1 | ||
| VMware | Tanzu | Tanzu Data Flow sur Kubernetes versions antérieures à 2.0.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire C++ et .NET Framework Clients versions ant\u00e9rieures \u00e0 10.4.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 4.1.10",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Session Management versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Search versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 4.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire sur Kubernetes versions ant\u00e9rieures \u00e0 2.6.2",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ sur Kubernetes versions ant\u00e9rieures \u00e0 3.13.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.0.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow sur Kubernetes versions ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38807"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2026-25518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25518"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37257",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37257"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37260",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37260"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37259",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37259"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37255",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37255"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37253",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37253"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37262",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37262"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37251",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37251"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37252",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37252"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37261",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37261"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37256",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37256"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37248",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37248"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37258",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37258"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37250",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37250"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37254",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37254"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37249",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37249"
}
]
}
厂商已发布了漏洞修复程序,请及时关注更新: https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47
| Name | ['Apache Tomcat >=11.0.0-M1,<=11.0.7', 'Apache Tomcat >=10.1.0-M1,<=10.1.41', 'Apache Tomcat >=9.0.0.M1,<=9.0.105'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-55668",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
}
},
"description": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\n\nApache Tomcat\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8erewrite valve\u4f1a\u8bdd\u56fa\u5b9a\u7f3a\u9677\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7528\u6237\u7684\u4f1a\u8bdd\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-19105",
"openTime": "2025-08-21",
"patchDescription": "Apache Tomcat\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7Web\u5e94\u7528\u670d\u52a1\u5668\uff0c\u7528\u4e8e\u5b9e\u73b0\u5bf9Servlet\u548cJavaServer Page\uff08JSP\uff09\u7684\u652f\u6301\u3002\r\n\r\nApache Tomcat\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8erewrite valve\u4f1a\u8bdd\u56fa\u5b9a\u7f3a\u9677\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7528\u6237\u7684\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache Tomcat\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-19105\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apache Tomcat \u003e=11.0.0-M1\uff0c\u003c=11.0.7",
"Apache Tomcat \u003e=10.1.0-M1\uff0c\u003c=10.1.41",
"Apache Tomcat \u003e=9.0.0.M1\uff0c\u003c=9.0.105"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"serverity": "\u9ad8",
"submitTime": "2025-08-20",
"title": "Apache Tomcat\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-19105\uff09"
}
FKIE_CVE-2025-55668
Vulnerability from fkie_nvd - Published: 2025-08-13 14:15 - Updated: 2025-11-04 22:16
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat | * | |
| apache | tomcat | * | |
| apache | tomcat | * | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 | |
| apache | tomcat | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D612584-5CB2-48F6-A969-0016A419FCB7",
"versionEndExcluding": "9.0.106",
"versionStartIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B331712D-D798-4901-AE46-C9B57379410A",
"versionEndExcluding": "10.1.42",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE393E87-D325-4ABB-B49C-5863ECD3DD83",
"versionEndExcluding": "11.0.8",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
"matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
"matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
"matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
"matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
"matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
"matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
"matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
"matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
"matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
"matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
"matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
"matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
"matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
"matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
"matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
"matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Apache Tomcat mediante una v\u00e1lvula de reescritura. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.7, de 10.1.0-M1 a 10.1.41, y de 9.0.0.M1 a 9.0.105. Las versiones m\u00e1s antiguas, que ya han llegado al final de su vida \u00fatil, tambi\u00e9n pueden verse afectadas. Se recomienda actualizar a las versiones 11.0.8, 10.1.42 o 9.0.106, que solucionan el problema."
}
],
"id": "CVE-2025-55668",
"lastModified": "2025-11-04T22:16:30.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-13T14:15:33.330",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-23HV-MWM6-G8JF
Vulnerability from github – Published: 2025-08-13 15:30 – Updated: 2025-11-05 20:38
Session Fixation vulnerability in Apache Tomcat via rewrite valve.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.42"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0.M1"
},
{
"fixed": "9.0.106"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-55668"
],
"database_specific": {
"cwe_ids": [
"CWE-384"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-13T23:24:19Z",
"nvd_published_at": "2025-08-13T14:15:33Z",
"severity": "MODERATE"
},
"details": "Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"id": "GHSA-23hv-mwm6-g8jf",
"modified": "2025-11-05T20:38:54Z",
"published": "2025-08-13T15:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat Session Fixation vulnerability"
}
RHSA-2026:18536
Vulnerability from csaf_redhat - Published: 2026-05-19 09:00 - Updated: 2026-05-28 20:56
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat9 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n\n* org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n\n* org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:18536",
"url": "https://access.redhat.com/errata/RHSA-2026:18536"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "RHEL-148687",
"url": "https://issues.redhat.com/browse/RHEL-148687"
},
{
"category": "external",
"summary": "RHEL-158962",
"url": "https://issues.redhat.com/browse/RHEL-158962"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18536.json"
}
],
"title": "Red Hat Security Advisory: tomcat9 security update",
"tracking": {
"current_release_date": "2026-05-28T20:56:46+00:00",
"generator": {
"date": "2026-05-28T20:56:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:18536",
"initial_release_date": "2026-05-19T09:00:26+00:00",
"revision_history": [
{
"date": "2026-05-19T09:00:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T09:00:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:56:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-admin-webapps@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-docs-webapp@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-el-3.0-api@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-jsp-2.3-api@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-lib@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-servlet-4.0-api@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-webapps-1:9.0.110-2.el10_2.noarch",
"product": {
"name": "tomcat9-webapps-1:9.0.110-2.el10_2.noarch",
"product_id": "tomcat9-webapps-1:9.0.110-2.el10_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-webapps@9.0.110-2.el10_2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.110-2.el10_2.src",
"product": {
"name": "tomcat9-1:9.0.110-2.el10_2.src",
"product_id": "tomcat9-1:9.0.110-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.110-2.el10_2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.110-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src"
},
"product_reference": "tomcat9-1:9.0.110-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-lib-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-webapps-1:9.0.110-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
},
"product_reference": "tomcat9-webapps-1:9.0.110-2.el10_2.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:00:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18536"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:00:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat.\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:00:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18536"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-1:9.0.110-2.el10_2.src",
"AppStream-10.2.GA:tomcat9-admin-webapps-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-docs-webapp-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-el-3.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-jsp-2.3-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-lib-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-servlet-4.0-api-1:9.0.110-2.el10_2.noarch",
"AppStream-10.2.GA:tomcat9-webapps-1:9.0.110-2.el10_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:18537
Vulnerability from csaf_redhat - Published: 2026-05-19 09:22 - Updated: 2026-05-28 20:56
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n\n* org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n\n* org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:18537",
"url": "https://access.redhat.com/errata/RHSA-2026:18537"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "RHEL-150099",
"url": "https://issues.redhat.com/browse/RHEL-150099"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18537.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-28T20:56:51+00:00",
"generator": {
"date": "2026-05-28T20:56:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:18537",
"initial_release_date": "2026-05-19T09:22:51+00:00",
"revision_history": [
{
"date": "2026-05-19T09:22:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T09:22:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:56:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-lib-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-lib-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.49-1.el10.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.49-1.el10.noarch",
"product_id": "tomcat-webapps-1:10.1.49-1.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.49-1.el10?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.49-1.el10.src",
"product": {
"name": "tomcat-1:10.1.49-1.el10.src",
"product_id": "tomcat-1:10.1.49-1.el10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.49-1.el10?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.49-1.el10.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src"
},
"product_reference": "tomcat-1:10.1.49-1.el10.src",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-lib-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.49-1.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.49-1.el10.noarch",
"relates_to_product_reference": "AppStream-10.2.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:22:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18537"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:22:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18537"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat.\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found for other operating systems, it may have been possible to mount this attack there as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T09:22:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18537"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-1:10.1.49-1.el10.src",
"AppStream-10.2.GA:tomcat-admin-webapps-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-docs-webapp-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-el-5.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-jsp-3.1-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-lib-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-servlet-6.0-api-1:10.1.49-1.el10.noarch",
"AppStream-10.2.GA:tomcat-webapps-1:10.1.49-1.el10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:18916
Vulnerability from csaf_redhat - Published: 2026-05-19 13:41 - Updated: 2026-05-28 20:56

A flaw was found in the CGI servlet component of Apache Tomcat (CVE-2025-46701). This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
A session fixation vulnerability has been identified in Apache Tomcat (CVE-2025-55668), affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
An improper input neutralization flaw has been discovered in Apache Tomcat (CVE-2025-55754). Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found for other operating systems, it may have been possible to mount this attack there as well.

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. Note that each of the three CVEs addressed by this advisory carries an individual impact rating of Moderate in its threats entry; the Important rating is the aggregate severity assigned to the advisory as a whole. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n\n* org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n\n* org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:18916",
"url": "https://access.redhat.com/errata/RHSA-2026:18916"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "RHEL-146482",
"url": "https://issues.redhat.com/browse/RHEL-146482"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18916.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-28T20:56:47+00:00",
"generator": {
"date": "2026-05-28T20:56:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:18916",
"initial_release_date": "2026-05-19T13:41:35+00:00",
"revision_history": [
{
"date": "2026-05-19T13:41:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T13:41:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:56:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.110-2.el9_8.src",
"product": {
"name": "tomcat-1:9.0.110-2.el9_8.src",
"product_id": "tomcat-1:9.0.110-2.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.110-2.el9_8?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-lib-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-lib-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.110-2.el9_8.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.110-2.el9_8.noarch",
"product_id": "tomcat-webapps-1:9.0.110-2.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.110-2.el9_8?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.110-2.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src"
},
"product_reference": "tomcat-1:9.0.110-2.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-lib-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.110-2.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.110-2.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:41:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18916"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:41:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat. \nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T13:41:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:18916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-1:9.0.110-2.el9_8.src",
"AppStream-9.8.0.GA:tomcat-admin-webapps-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-docs-webapp-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-el-3.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-jsp-2.3-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-lib-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-servlet-4.0-api-1:9.0.110-2.el9_8.noarch",
"AppStream-9.8.0.GA:tomcat-webapps-1:9.0.110-2.el9_8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:2740
Vulnerability from csaf_redhat - Published: 2026-02-16 18:57 - Updated: 2026-05-28 20:48

CVE-2025-46701: A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet. Only web applications that map the CGI servlet are exposed; deployments that do not use the CGI servlet are not exposed to this issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
CVE-2025-55668: A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf. Deployments that do not enable the rewrite valve are not exposed to this issue. As a general defense against session fixation (CWE-384), applications should also issue a fresh session identifier when a user authenticates, so that a session pre-set by an attacker cannot be carried into the authenticated state.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
CVE-2025-55754: An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. Although no working attack vector was identified on other operating systems, the same technique may have been applicable there. Exposure depends on Tomcat's log output being rendered by a console that interprets ANSI escape sequences.

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2740",
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2740.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release",
"tracking": {
"current_release_date": "2026-05-28T20:48:18+00:00",
"generator": {
"date": "2026-05-28T20:48:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:2740",
"initial_release_date": "2026-02-16T18:57:53+00:00",
"revision_history": [
{
"date": "2026-02-16T18:57:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T20:39:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:48:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat.\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker-controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:2741
Vulnerability from csaf_redhat - Published: 2026-02-16 18:55 - Updated: 2026-05-28 20:48
A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 6.2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.2
|
— |
Vendor Fix
fix
Workaround
|
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 6.2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.2
|
— |
Vendor Fix
fix
Workaround
|
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 6.2.0
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:6.2
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.2.0 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2741",
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2741.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release",
"tracking": {
"current_release_date": "2026-05-28T20:48:16+00:00",
"generator": {
"date": "2026-05-28T20:48:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:2741",
"initial_release_date": "2026-02-16T18:55:18+00:00",
"revision_history": [
{
"date": "2026-02-16T18:55:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T20:39:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:48:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2.0",
"product": {
"name": "Red Hat JBoss Web Server 6.2.0",
"product_id": "Red Hat JBoss Web Server 6.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat. \nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 6.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:55:18+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2741"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Web Server 6.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
RHSA-2026:6569
Vulnerability from csaf_redhat - Published: 2026-04-04 16:29 - Updated: 2026-05-19 15:27
A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker's session. This could allow an attacker to hijack the victim's session and perform actions on their behalf.
A directory traversal vulnerability exists in Apache Tomcat, caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.
CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
A certificate validation flaw has been found in Apache Tomcat. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application.
A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0.9 protocol can bypass the intended denial rule, enabling an attacker to access resources that should be protected.
A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol (OCSP) responder is used, the Tomcat Native component and Tomcat's FFM port of the Tomcat Native code do not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability could allow an attacker to bypass certificate revocation checks, potentially leading to the acceptance of revoked certificates.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntomcat11:\n * tomcat11-11.0.21-0.1.hum1 (noarch)\n * tomcat11-admin-webapps-11.0.21-0.1.hum1 (noarch)\n * tomcat11-docs-webapp-11.0.21-0.1.hum1 (noarch)\n * tomcat11-el-6.0-api-11.0.21-0.1.hum1 (noarch)\n * tomcat11-jsp-4.0-api-11.0.21-0.1.hum1 (noarch)\n * tomcat11-lib-11.0.21-0.1.hum1 (noarch)\n * tomcat11-servlet-6.1-api-11.0.21-0.1.hum1 (noarch)\n * tomcat11-webapps-11.0.21-0.1.hum1 (noarch)\n * tomcat11-11.0.21-0.1.hum1.src (source)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6569",
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55668",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61795",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55754",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55752",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24733",
"url": "https://access.redhat.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66614",
"url": "https://access.redhat.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24734",
"url": "https://access.redhat.com/security/cve/CVE-2026-24734"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6569.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-19T15:27:02+00:00",
"generator": {
"date": "2026-05-19T15:27:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:6569",
"initial_release_date": "2026-04-04T16:29:57+00:00",
"revision_history": [
{
"date": "2026-04-04T16:29:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T19:58:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-19T15:27:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@noarch",
"product": {
"name": "tomcat11-main@noarch",
"product_id": "tomcat11-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.21-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@src",
"product": {
"name": "tomcat11-main@src",
"product_id": "tomcat11-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.21-0.1.hum1?arch=source\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@noarch"
},
"product_reference": "tomcat11-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@src"
},
"product_reference": "tomcat11-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce the risk, disable or strictly limit the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "An improper input neutralization flaw has been discovered in Apache Tomcat. \nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
},
{
"cve": "CVE-2025-66614",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-02-17T20:04:14.943661+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440430"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been found in Apache Tomcat. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Client certificate verification bypass due to virtual host mapping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "RHBZ#2440430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66614"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7",
"url": "https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"
}
],
"release_date": "2026-02-17T18:48:30.577000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Client certificate verification bypass due to virtual host mapping"
},
{
"cve": "CVE-2026-24733",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2026-02-17T20:05:04.953085+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0.9 protocol can bypass the intended denial rule, enabling an attacker to access resources that should be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security constraint bypass with HTTP/0.9",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when Tomcat is configured to allow HEAD requests but deny GET requests to the same resource, a very unlikely configuration. Due to this reason, this flaw has been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "RHBZ#2440437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24733"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f",
"url": "https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"
}
],
"release_date": "2026-02-17T18:50:43.871000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that security constraints are consistent across similar methods (e.g., if GET is denied, HEAD should likely be denied) or block HTTP/0.9 traffic via a reverse proxy or firewall, if it is not required.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security constraint bypass with HTTP/0.9"
},
{
"cve": "CVE-2026-24734",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-02-17T20:03:45.051629+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2440426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol (OCSP) responder is used, the Tomcat Native component, and Tomcat\u0027s FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability could allow an attacker to bypass certificate revocation checks, potentially leading to the acceptance of revoked certificates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability doesn\u0027t affect the Apache Tomcat distributed with Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux up to version 9.7, as the vulnerable code is not built. The vulnerable code is compiled with Red Hat Enterprise Linux 9.8 and above.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24734"
},
{
"category": "external",
"summary": "RHBZ#2440426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24734"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml",
"url": "https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"
}
],
"release_date": "2026-02-17T18:53:12.228000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-04T16:29:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6569"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation"
}
]
}