Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-31651 (GCVE-0-2025-31651)
Vulnerability from cvelistv5 – Published: 2025-04-28 19:17 – Updated: 2026-02-26 18:27
VLAI
EPSS
Title
Apache Tomcat: Bypass of rules in Rewrite Valve
Summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible
for a specially crafted request to bypass some rewrite rules. If those
rewrite rules effectively enforced security constraints, those
constraints could be bypassed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.5
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.39 (semver) Affected: 9.0.0.M1 , ≤ 9.0.102 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 8.0.0.RC1 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
COSCO Shipping Lines DIC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:12.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/28/3"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T03:55:44.862157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:59.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.5",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.39",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.102",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "8.0.0.RC1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "COSCO Shipping Lines DIC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u0026nbsp;For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:46:27.496Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Bypass of rules in Rewrite Valve",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-31651",
"datePublished": "2025-04-28T19:17:21.721Z",
"dateReserved": "2025-03-31T12:25:25.164Z",
"dateUpdated": "2026-02-26T18:27:59.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-31651",
"date": "2026-06-29",
"epss": "0.0418",
"percentile": "0.89653"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31651\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-04-28T20:15:20.783\",\"lastModified\":\"2026-06-17T09:10:44.123\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u00a0For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de neutralizaci\u00f3n incorrecta de secuencias de escape, metadatos o de control en Apache Tomcat. En un subconjunto de configuraciones improbables de reglas de reescritura, una solicitud especialmente manipulada pod\u00eda eludir algunas reglas de reescritura. Si dichas reglas aplicaban restricciones de seguridad de forma eficaz, estas pod\u00edan eludirse. Este problema afecta a Apache Tomcat: de la 11.0.0-M1 a la 11.0.5, de la 10.1.0-M1 a la 10.1.39 y de la 9.0.0.M1 a la 9.0.102. Se recomienda a los usuarios actualizar a la versi\u00f3n [FIXED_VERSION], que soluciona el problema.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"lessThanOrEqual\":\"11.0.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.1.0-M1\",\"lessThanOrEqual\":\"10.1.39\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.0.M1\",\"lessThanOrEqual\":\"9.0.102\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.100\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.0.0.RC1\",\"lessThan\":\"8.5.0\",\"versionType\":\"semver\",\"status\":\"unknown\"},{\"version\":\"10.0.0-M1\",\"lessThanOrEqual\":\"10.0.27\",\"versionType\":\"semver\",\"status\":\"unknown\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-07-30T03:55:44.862157Z\",\"id\":\"CVE-2025-31651\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.104\",\"matchCriteriaId\":\"BB09D245-9455-444D-8265-743642DD53C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.40\",\"matchCriteriaId\":\"E5BD6C26-75CE-4DDC-BF4D-5A5187BD4CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.6\",\"matchCriteriaId\":\"9331B3B3-C3C4-4D12-BE11-043F6614B2D3\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/list.html?announce@tomcat.apache.org\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/04/28/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/28/3\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:53:12.871Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-31651\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-30T03:55:44.862157Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-06T20:12:30.307Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Bypass of rules in Rewrite Valve\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"COSCO Shipping Lines DIC\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.5\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.39\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.102\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"8.0.0.RC1\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/list.html?announce@tomcat.apache.org\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\\u00a0For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\\n\\n\\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\u0026nbsp;For a subset of unlikely rewrite rule configurations, it was possible \\nfor a specially crafted request to bypass some rewrite rules. If those \\nrewrite rules effectively enforced security constraints, those \\nconstraints could be bypassed.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \\nmay also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116 Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:46:27.496Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-31651\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T18:27:59.801Z\", \"dateReserved\": \"2025-03-31T12:25:25.164Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-04-28T19:17:21.721Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:23048
Vulnerability from csaf_redhat - Published: 2025-12-10 17:45 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23048",
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23048.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:16+00:00",
"generator": {
"date": "2026-06-30T03:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23048",
"initial_release_date": "2025-12-10T17:45:03+00:00",
"revision_history": [
{
"date": "2025-12-10T17:45:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T17:45:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.7.src",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.7.src",
"product_id": "tomcat-1:9.0.87-1.el8_10.7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.7?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.7?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.7.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.7.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_10.7.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:45:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T17:45:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23048"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.7.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.7.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23049
Vulnerability from csaf_redhat - Published: 2025-12-10 15:15 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23049",
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23049.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:16+00:00",
"generator": {
"date": "2026-06-30T03:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23049",
"initial_release_date": "2025-12-10T15:15:23+00:00",
"revision_history": [
{
"date": "2025-12-10T15:15:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T15:15:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-6.el9_7.1.src",
"product": {
"name": "tomcat-1:9.0.87-6.el9_7.1.src",
"product_id": "tomcat-1:9.0.87-6.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-6.el9_7.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_id": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-6.el9_7.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-6.el9_7.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src"
},
"product_reference": "tomcat-1:9.0.87-6.el9_7.1.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-6.el9_7.1.noarch",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:15:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:15:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23049"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-1:9.0.87-6.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-lib-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-6.el9_7.1.noarch",
"AppStream-9.7.0.Z.MAIN:tomcat-webapps-1:9.0.87-6.el9_7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23050
Vulnerability from csaf_redhat - Published: 2025-12-10 14:45 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23050",
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23050.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:21+00:00",
"generator": {
"date": "2026-06-30T03:13:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23050",
"initial_release_date": "2025-12-10T14:45:33+00:00",
"revision_history": [
{
"date": "2025-12-10T14:45:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:45:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_id": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-3.el10_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_id": "tomcat-1:10.1.36-3.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-3.el10_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-3.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src"
},
"product_reference": "tomcat-1:10.1.36-3.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-3.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:45:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-1:10.1.36-3.el10_1.1.src",
"AppStream-10.1.Z:tomcat-admin-webapps-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-docs-webapp-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-el-5.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-jsp-3.1-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-lib-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-servlet-6.0-api-1:10.1.36-3.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat-webapps-1:10.1.36-3.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:23051
Vulnerability from csaf_redhat - Published: 2025-12-10 14:38 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat security update
Severity
Important
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service (CVE-2025-61795)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23051",
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23051.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:16+00:00",
"generator": {
"date": "2026-06-30T03:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23051",
"initial_release_date": "2025-12-10T14:38:53+00:00",
"revision_history": [
{
"date": "2025-12-10T14:38:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:38:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-5.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_id": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@10.1.36-1.el10_0.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_id": "tomcat-1:10.1.36-1.el10_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@10.1.36-1.el10_0.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:10.1.36-1.el10_0.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src"
},
"product_reference": "tomcat-1:10.1.36-1.el10_0.3.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
},
"product_reference": "tomcat-webapps-1:10.1.36-1.el10_0.3.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"discovery_date": "2025-10-27T18:01:06.418669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406588"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "RHBZ#2406588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61795"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06",
"url": "https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp",
"url": "https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"
}
],
"release_date": "2025-10-27T17:30:28.334000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:38:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23051"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-1:10.1.36-1.el10_0.3.src",
"AppStream-10.0.Z.E2S:tomcat-admin-webapps-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-docs-webapp-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-el-5.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-jsp-3.1-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-lib-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-servlet-6.0-api-1:10.1.36-1.el10_0.3.noarch",
"AppStream-10.0.Z.E2S:tomcat-webapps-1:10.1.36-1.el10_0.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service"
}
]
}
RHSA-2025:23052
Vulnerability from csaf_redhat - Published: 2025-12-10 14:44 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat9 security update
Severity
Important
Notes
Topic: An update for tomcat9 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat9 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23052",
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23052.json"
}
],
"title": "Red Hat Security Advisory: tomcat9 security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:16+00:00",
"generator": {
"date": "2026-06-30T03:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23052",
"initial_release_date": "2025-12-10T14:44:53+00:00",
"revision_history": [
{
"date": "2025-12-10T14:44:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:44:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-admin-webapps@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-docs-webapp@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-el-3.0-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-jsp-2.3-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-lib@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-servlet-4.0-api@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product": {
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_id": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-webapps@9.0.87-8.el10_1.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product_id": "tomcat9-1:9.0.87-8.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-8.el10_1.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-8.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src"
},
"product_reference": "tomcat9-1:9.0.87-8.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
},
"product_reference": "tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:44:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:44:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23052"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-1:9.0.87-8.el10_1.1.src",
"AppStream-10.1.Z:tomcat9-admin-webapps-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-docs-webapp-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-el-3.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-jsp-2.3-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-lib-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-servlet-4.0-api-1:9.0.87-8.el10_1.1.noarch",
"AppStream-10.1.Z:tomcat9-webapps-1:9.0.87-8.el10_1.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2025:23053
Vulnerability from csaf_redhat - Published: 2025-12-10 14:39 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: tomcat9 security update
Severity
Important
Notes
Topic: An update for tomcat9 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat9 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23053",
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23053.json"
}
],
"title": "Red Hat Security Advisory: tomcat9 security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:16+00:00",
"generator": {
"date": "2026-06-30T03:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:23053",
"initial_release_date": "2025-12-10T14:39:58+00:00",
"revision_history": [
{
"date": "2025-12-10T14:39:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T14:39:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-admin-webapps@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-docs-webapp@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-el-3.0-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-jsp-2.3-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-lib@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-servlet-4.0-api@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product": {
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_id": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9-webapps@9.0.87-5.el10_0.4?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product_id": "tomcat9-1:9.0.87-5.el10_0.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat9@9.0.87-5.el10_0.4?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-1:9.0.87-5.el10_0.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src"
},
"product_reference": "tomcat9-1:9.0.87-5.el10_0.4.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
},
"product_reference": "tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:39:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T14:39:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23053"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-1:9.0.87-5.el10_0.4.src",
"AppStream-10.0.Z.E2S:tomcat9-admin-webapps-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-docs-webapp-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-el-3.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-jsp-2.3-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-lib-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-servlet-4.0-api-1:9.0.87-5.el10_0.4.noarch",
"AppStream-10.0.Z.E2S:tomcat9-webapps-1:9.0.87-5.el10_0.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:0292
Vulnerability from csaf_redhat - Published: 2026-01-08 07:23 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: pki-servlet-engine security update
Severity
Important
Notes
Topic: An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0292",
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0292.json"
}
],
"title": "Red Hat Security Advisory: pki-servlet-engine security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:31+00:00",
"generator": {
"date": "2026-06-30T03:13:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:0292",
"initial_release_date": "2026-01-08T07:23:28+00:00",
"revision_history": [
{
"date": "2026-01-08T07:23:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T07:23:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.43-4.el9_0.2?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product_id": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.43-4.el9_0.2?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product_id": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.43-4.el9_0.2?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
},
"product_reference": "pki-servlet-engine-1:9.0.43-4.el9_0.2.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:23:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:23:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0292"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:pki-servlet-4.0-api-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.noarch",
"AppStream-9.0.0.Z.E4S:pki-servlet-engine-1:9.0.43-4.el9_0.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:0293
Vulnerability from csaf_redhat - Published: 2026-01-08 07:28 - Updated: 2026-06-30 03:13Summary
Red Hat Security Advisory: pki-servlet-engine security update
Severity
Important
Notes
Topic: An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0293",
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0293.json"
}
],
"title": "Red Hat Security Advisory: pki-servlet-engine security update",
"tracking": {
"current_release_date": "2026-06-30T03:13:32+00:00",
"generator": {
"date": "2026-06-30T03:13:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:0293",
"initial_release_date": "2026-01-08T07:28:53+00:00",
"revision_history": [
{
"date": "2026-01-08T07:28:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T07:28:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:13:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product_id": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.50-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product_id": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.50-1.el9_2.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
},
"product_reference": "pki-servlet-engine-1:9.0.50-1.el9_2.3.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:28:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T07:28:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0293"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:pki-servlet-4.0-api-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.E4S:pki-servlet-engine-1:9.0.50-1.el9_2.3.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:2724
Vulnerability from csaf_redhat - Published: 2026-02-16 11:56 - Updated: 2026-06-30 03:14Summary
Red Hat Security Advisory: pki-deps:10.6 security update
Severity
Important
Notes
Topic: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
140 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
140 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2724",
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2724.json"
}
],
"title": "Red Hat Security Advisory: pki-deps:10.6 security update",
"tracking": {
"current_release_date": "2026-06-30T03:14:25+00:00",
"generator": {
"date": "2026-06-30T03:14:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2724",
"initial_release_date": "2026-02-16T11:56:58+00:00",
"revision_history": [
{
"date": "2026-02-16T11:56:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T11:56:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:14:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-3.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.4.0%2B23399%2Bfc91639f?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6)",
"product_id": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-net@3.6-3.module%2Bel8.3.0%2B6805%2B72837426?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-3.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-2.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.4.0%2B23391%2Bb488e6bf?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.30-1.module%2Bel8.4.0%2B23942%2Bfa6501e9.3?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-6.module%2Bel8.4.0%2B23399%2Bfc91639f?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8040020260129154709:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6"
},
"product_reference": "apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:56:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:56:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2724"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:apache-commons-net-0:3.6-3.module+el8.3.0+6805+72837426.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:fasterxml-oss-parent-0:69-3.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-annotations-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-bom-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-core-0:2.19.1-2.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-databind-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-jaxrs-providers-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-modules-base-0:2.19.1-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jackson-parent-0:2.19.2-1.module+el8.4.0+23391+b488e6bf.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-4.0-api-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:pki-servlet-engine-1:9.0.30-1.module+el8.4.0+23942+fa6501e9.3.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:resteasy-0:3.0.26-6.module+el8.4.0+23399+fc91639f.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.4.0.Z.EUS.EXTENSION:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
RHSA-2026:2725
Vulnerability from csaf_redhat - Published: 2026-02-16 11:27 - Updated: 2026-06-30 03:14Summary
Red Hat Security Advisory: pki-deps:10.6 security update
Severity
Important
Notes
Topic: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.
5.3 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.
7.5 (High)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)\n\n* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2725",
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2725.json"
}
],
"title": "Red Hat Security Advisory: pki-deps:10.6 security update",
"tracking": {
"current_release_date": "2026-06-30T03:14:25+00:00",
"generator": {
"date": "2026-06-30T03:14:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2725",
"initial_release_date": "2026-02-16T11:27:07+00:00",
"revision_history": [
{
"date": "2026-02-16T11:27:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T11:27:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:14:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B23401%2B65186842?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/fasterxml-oss-parent@69-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-bom@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6)",
"product_id": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-parent@2.19.2-1.module%2Bel8.2.0%2B23390%2B7631bd3f?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.2.0%2B23940%2Bb159abcc.3?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.2.0%2B23401%2B65186842?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.2.0%2B5723%2B4574fbff?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8020020260128173505:4cda2c84"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6"
},
"product_reference": "jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31651",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-04-28T20:00:56.551028+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2362782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat\u0027s rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Low severity because it only manifests under a narrow set of conditions involving uncommon and non-default rewrite rule configurations that rely on specific patterns in the raw requestURI, including path parameters. In most deployments, rewrite rules operate on decoded and normalized URIs or are used for non-security-critical purposes like routing. Furthermore, Tomcat\u2019s internal processing already normalizes and removes path parameters (;-delimited) before applying security constraints, meaning any bypass would only be feasible if the rewrite logic directly enforced security (which is a poor practice). The flaw does not allow direct code execution, data leakage, or privilege escalation unless the rewrite rule was explicitly misused as a substitute for proper access control. \n\nIts impact is further mitigated by the fact that rewrite rules are not typically relied upon for access enforcement. As such, while the bug may lead to incorrect rule evaluation under certain edge-case configurations, it does not represent a significant security risk in practice.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "RHBZ#2362782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31651"
},
{
"category": "external",
"summary": "https://lists.apache.org/list.html?announce@tomcat.apache.org",
"url": "https://lists.apache.org/list.html?announce@tomcat.apache.org"
}
],
"release_date": "2025-04-28T19:17:21.721000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:27:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve"
},
{
"cve": "CVE-2025-55752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2025-10-27T18:01:22.818037+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406591"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If HTTP PUT requests are also enabled, this flaw could allow the upload of malicious files, potentially leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important rather than Critical because successful exploitation depends on specific, non-default configuration conditions. The flaw only becomes exploitable when both URL rewriting rules that modify the request path are in use and HTTP PUT requests are enabled \u2014 a feature typically restricted to administrative or trusted users. In standard Tomcat deployments, PUT is disabled or tightly controlled, and rewrite configurations rarely expose sensitive paths. Therefore, while the issue could theoretically lead to remote code execution, the limited attack surface and requirement for uncommon setup conditions significantly reduce its overall risk level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "RHBZ#2406591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55752"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a",
"url": "https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog",
"url": "https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"
}
],
"release_date": "2025-10-27T17:29:56.060000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T11:27:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2725"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduced the risk, by disabling or strictly limiting the use of HTTP PUT requests to trusted, authenticated users only. Additionally, administrators should review and adjust URL rewrite rules to ensure they do not manipulate request paths in ways that could expose protected directories such as /WEB-INF/ or /META-INF/. Implementing strict access controls and monitoring for unexpected rewrite or upload behavior can further minimize potential exploitation.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:fasterxml-oss-parent-0:69-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-bom-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-core-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-databind-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-json-provider-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-jaxrs-providers-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-module-jaxb-annotations-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-modules-base-0:2.19.1-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jackson-parent-0:2.19.2-1.module+el8.2.0+23390+7631bd3f.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-4.0-api-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:pki-servlet-engine-1:9.0.7-16.module+el8.2.0+23940+b159abcc.3.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:resteasy-0:3.0.26-3.module+el8.2.0+23401+65186842.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:stax-ex-0:1.7.7-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xmlstreambuffer-0:1.5.4-8.module+el8.2.0+5723+4574fbff.src::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.2.0.Z.AUS:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…