Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-50379 (GCVE-0-2024-50379)
Vulnerability from cvelistv5 – Published: 2024-12-17 12:34 – Updated: 2025-11-03 20:45
VLAI
EPSS
Title
Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
Summary
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.1
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.33 (semver) Affected: 9.0.0.M1 , ≤ 9.0.97 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Unknown: 3 , < 8.5.0 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
Nacl, WHOAMI, Yemoli and Ruozhi
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50379",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T03:55:50.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:45:15.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/17/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/18/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0003/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.1",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.33",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.97",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThan": "8.5.0",
"status": "unknown",
"version": "3",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nacl, WHOAMI, Yemoli and Ruozhi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTime-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:51:41.706Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: RCE due to TOCTOU issue in JSP compilation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-50379",
"datePublished": "2024-12-17T12:34:54.827Z",
"dateReserved": "2024-10-23T13:31:10.241Z",
"dateUpdated": "2025-11-03T20:45:15.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-50379",
"date": "2026-06-06",
"epss": "0.84587",
"percentile": "0.9935"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50379\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-12-17T13:15:18.810\",\"lastModified\":\"2025-11-03T21:17:20.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\\n\\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de uso y tiempo de verificaci\u00f3n (TOCTOU) durante la compilaci\u00f3n de JSP en Apache Tomcat permite un RCE en sistemas de archivos que no distinguen entre may\u00fasculas y min\u00fasculas cuando el servlet predeterminado est\u00e1 habilitado para escritura (configuraci\u00f3n no predeterminada). Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.1, desde 10.1.0-M1 hasta 10.1.33, desde 9.0.0.M1 hasta 9.0.97. Se recomienda a los usuarios que actualicen a la versi\u00f3n 11.0.2, 10.1.34 o 9.0.08, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.98\",\"matchCriteriaId\":\"4A10E3B7-32E3-40A9-9633-CAA2F1E2EFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.34\",\"matchCriteriaId\":\"499AC261-223E-483B-81AF-AFD6BEA35502\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.2\",\"matchCriteriaId\":\"EC54C74D-E851-4A9A-9C49-B8C80D5502AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/12/17/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/12/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250103-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/12/17/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/12/18/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250103-0003/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-03T12:04:28.838Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-17T16:54:54.910759Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-17T16:55:09.697Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: RCE due to TOCTOU issue in JSP compilation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nacl, WHOAMI, Yemoli and Ruozhi\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.33\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.97\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"unknown\", \"version\": \"3\", \"lessThan\": \"8.5.0\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"10.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.27\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\\n\\nThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\\n\\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eTime-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\u003c/p\u003e\u003cp\u003eThe following versions were EOL at the time the CVE was created but are \\nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-10-29T11:51:41.706Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-50379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-29T11:51:41.706Z\", \"dateReserved\": \"2024-10-23T13:31:10.241Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-12-17T12:34:54.827Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:3645
Vulnerability from csaf_redhat - Published: 2025-04-07 17:36 - Updated: 2026-05-10 14:26Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.
8.1 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.
8.6 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)\n\n* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3645",
"url": "https://access.redhat.com/errata/RHSA-2025:3645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3645.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-10T14:26:47+00:00",
"generator": {
"date": "2026-05-10T14:26:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:3645",
"initial_release_date": "2025-04-07T17:36:37+00:00",
"revision_history": [
{
"date": "2025-04-07T17:36:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-07T17:36:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:26:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-2.el9_5.1.src",
"product": {
"name": "tomcat-1:9.0.87-2.el9_5.1.src",
"product_id": "tomcat-1:9.0.87-2.el9_5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-2.el9_5.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-2.el9_5.1.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-2.el9_5.1.noarch",
"product_id": "tomcat-webapps-1:9.0.87-2.el9_5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-2.el9_5.1?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-2.el9_5.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src"
},
"product_reference": "tomcat-1:9.0.87-2.el9_5.1.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-2.el9_5.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-2.el9_5.1.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2024-12-17T13:00:50.363147+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332817"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: RCE due to TOCTOU issue in JSP compilation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can only be exploited when the `readonly` initialization parameter value is set to `false`, when running on case insensitive file systems and when the application is under load, specifically when read and upload operations are performed on the same file simultaneously.\n\nThe default `readonly` initialization parameter value is `true` and not vulnerable to this issue.\n\nDue to the conditions for this issue to be exploited, especially because it requires unlikely configurations, this flaw has been rated with a Moderate severity.\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directed impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "RHBZ#2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"release_date": "2024-12-17T12:34:54.827000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:36:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3645"
},
{
"category": "workaround",
"details": "Consider setting the readonly initialization parameter value to true (the default value), if that is not possible, do not use a case-insensitive file system.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: RCE due to TOCTOU issue in JSP compilation"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2025-03-10T17:00:47.696071+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled\u00a0Default Servlet\u00a0in Apache Tomcat. \n\nFor the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact (rather than Important) because it requires multiple non-default configurations to be exploitable, significantly limiting its impact in typical deployments. For remote code execution (RCE), exploitation requires both file-based session persistence and a library vulnerable to deserialization, further reducing its likelihood. For information disclosure or file injection, the attack is only possible if writes are enabled for the default servlet, partial PUT requests are supported, and sensitive file uploads occur within a publicly writable directory. The combination of all three of these conditions is uncommon in secure environments. Since most modern Tomcat deployments do not meet all these criteria simultaneously, the overall risk is reduced\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directly impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform. Satellite configuration does not contain affected parameters that would make Tomcat vulnerable, therefore, even if a vulnerable Tomcat version is shipped with affected RHEL release alongside Satellite, there is no chance of it being exposed to flaw in Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "RHBZ#2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq",
"url": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-03-10T16:44:03.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:36:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3645"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-1:9.0.87-2.el9_5.1.src",
"AppStream-9.5.0.Z.MAIN:tomcat-admin-webapps-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-docs-webapp-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-el-3.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-jsp-2.3-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-lib-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-servlet-4.0-api-1:9.0.87-2.el9_5.1.noarch",
"AppStream-9.5.0.Z.MAIN:tomcat-webapps-1:9.0.87-2.el9_5.1.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-04-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT"
}
]
}
RHSA-2025:3646
Vulnerability from csaf_redhat - Published: 2025-04-07 17:36 - Updated: 2026-05-10 14:26Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.
8.1 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.
8.6 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)\n\n* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3646",
"url": "https://access.redhat.com/errata/RHSA-2025:3646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3646.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-10T14:26:49+00:00",
"generator": {
"date": "2026-05-10T14:26:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:3646",
"initial_release_date": "2025-04-07T17:36:37+00:00",
"revision_history": [
{
"date": "2025-04-07T17:36:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-07T17:36:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:26:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_2.3.src",
"product": {
"name": "tomcat-1:9.0.87-1.el9_2.3.src",
"product_id": "tomcat-1:9.0.87-1.el9_2.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el9_2.3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el9_2.3.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el9_2.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src"
},
"product_reference": "tomcat-1:9.0.87-1.el9_2.3.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el9_2.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el9_2.3.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2024-12-17T13:00:50.363147+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332817"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: RCE due to TOCTOU issue in JSP compilation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can only be exploited when the `readonly` initialization parameter value is set to `false`, when running on case insensitive file systems and when the application is under load, specifically when read and upload operations are performed on the same file simultaneously.\n\nThe default `readonly` initialization parameter value is `true` and not vulnerable to this issue.\n\nDue to the conditions for this issue to be exploited, especially because it requires unlikely configurations, this flaw has been rated with a Moderate severity.\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directed impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "RHBZ#2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"release_date": "2024-12-17T12:34:54.827000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:36:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3646"
},
{
"category": "workaround",
"details": "Consider setting the readonly initialization parameter value to true (the default value), if that is not possible, do not use a case-insensitive file system.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: RCE due to TOCTOU issue in JSP compilation"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2025-03-10T17:00:47.696071+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled\u00a0Default Servlet\u00a0in Apache Tomcat. \n\nFor the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact (rather than Important) because it requires multiple non-default configurations to be exploitable, significantly limiting its impact in typical deployments. For remote code execution (RCE), exploitation requires both file-based session persistence and a library vulnerable to deserialization, further reducing its likelihood. For information disclosure or file injection, the attack is only possible if writes are enabled for the default servlet, partial PUT requests are supported, and sensitive file uploads occur within a publicly writable directory. The combination of all three of these conditions is uncommon in secure environments. Since most modern Tomcat deployments do not meet all these criteria simultaneously, the overall risk is reduced\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directly impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform. Satellite configuration does not contain affected parameters that would make Tomcat vulnerable, therefore, even if a vulnerable Tomcat version is shipped with affected RHEL release alongside Satellite, there is no chance of it being exposed to flaw in Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "RHBZ#2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq",
"url": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-03-10T16:44:03.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:36:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3646"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.3.src",
"AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.3.noarch",
"AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.3.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-04-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT"
}
]
}
RHSA-2025:3647
Vulnerability from csaf_redhat - Published: 2025-04-07 17:37 - Updated: 2026-05-10 14:26Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.
8.1 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.
8.6 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)\n\n* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3647",
"url": "https://access.redhat.com/errata/RHSA-2025:3647"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3647.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-10T14:26:50+00:00",
"generator": {
"date": "2026-05-10T14:26:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:3647",
"initial_release_date": "2025-04-07T17:37:12+00:00",
"revision_history": [
{
"date": "2025-04-07T17:37:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-07T17:37:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:26:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_4.3.src",
"product": {
"name": "tomcat-1:9.0.87-1.el9_4.3.src",
"product_id": "tomcat-1:9.0.87-1.el9_4.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el9_4.3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el9_4.3.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el9_4.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_4.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el9_4.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src"
},
"product_reference": "tomcat-1:9.0.87-1.el9_4.3.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el9_4.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el9_4.3.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2024-12-17T13:00:50.363147+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332817"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: RCE due to TOCTOU issue in JSP compilation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can only be exploited when the `readonly` initialization parameter value is set to `false`, when running on case insensitive file systems and when the application is under load, specifically when read and upload operations are performed on the same file simultaneously.\n\nThe default `readonly` initialization parameter value is `true` and not vulnerable to this issue.\n\nDue to the conditions for this issue to be exploited, especially because it requires unlikely configurations, this flaw has been rated with a Moderate severity.\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directed impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "RHBZ#2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"release_date": "2024-12-17T12:34:54.827000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:37:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3647"
},
{
"category": "workaround",
"details": "Consider setting the readonly initialization parameter value to true (the default value), if that is not possible, do not use a case-insensitive file system.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: RCE due to TOCTOU issue in JSP compilation"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2025-03-10T17:00:47.696071+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled\u00a0Default Servlet\u00a0in Apache Tomcat. \n\nFor the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact (rather than Important) because it requires multiple non-default configurations to be exploitable, significantly limiting its impact in typical deployments. For remote code execution (RCE), exploitation requires both file-based session persistence and a library vulnerable to deserialization, further reducing its likelihood. For information disclosure or file injection, the attack is only possible if writes are enabled for the default servlet, partial PUT requests are supported, and sensitive file uploads occur within a publicly writable directory. The combination of all three of these conditions is uncommon in secure environments. Since most modern Tomcat deployments do not meet all these criteria simultaneously, the overall risk is reduced\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directly impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform. Satellite configuration does not contain affected parameters that would make Tomcat vulnerable, therefore, even if a vulnerable Tomcat version is shipped with affected RHEL release alongside Satellite, there is no chance of it being exposed to flaw in Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "RHBZ#2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq",
"url": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-03-10T16:44:03.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-07T17:37:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3647"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-1:9.0.87-1.el9_4.3.src",
"AppStream-9.4.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.3.noarch",
"AppStream-9.4.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_4.3.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-04-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT"
}
]
}
RHSA-2025:3683
Vulnerability from csaf_redhat - Published: 2025-04-08 12:03 - Updated: 2026-05-10 14:26Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.
8.1 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.
8.6 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)\n\n* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3683",
"url": "https://access.redhat.com/errata/RHSA-2025:3683"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3683.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-10T14:26:50+00:00",
"generator": {
"date": "2026-05-10T14:26:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:3683",
"initial_release_date": "2025-04-08T12:03:24+00:00",
"revision_history": [
{
"date": "2025-04-08T12:03:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-08T12:03:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:26:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.3.src",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.3.src",
"product_id": "tomcat-1:9.0.87-1.el8_10.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.3?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el8_10.3.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.3.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el8_10.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.3?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_10.3.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_10.3.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_10.3.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_10.3.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2024-12-17T13:00:50.363147+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332817"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: RCE due to TOCTOU issue in JSP compilation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can only be exploited when the `readonly` initialization parameter value is set to `false`, when running on case insensitive file systems and when the application is under load, specifically when read and upload operations are performed on the same file simultaneously.\n\nThe default `readonly` initialization parameter value is `true` and not vulnerable to this issue.\n\nDue to the conditions for this issue to be exploited, especially because it requires unlikely configurations, this flaw has been rated with a Moderate severity.\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directed impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "RHBZ#2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"release_date": "2024-12-17T12:34:54.827000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T12:03:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3683"
},
{
"category": "workaround",
"details": "Consider setting the readonly initialization parameter value to true (the default value), if that is not possible, do not use a case-insensitive file system.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: RCE due to TOCTOU issue in JSP compilation"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2025-03-10T17:00:47.696071+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled\u00a0Default Servlet\u00a0in Apache Tomcat. \n\nFor the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact (rather than Important) because it requires multiple non-default configurations to be exploitable, significantly limiting its impact in typical deployments. For remote code execution (RCE), exploitation requires both file-based session persistence and a library vulnerable to deserialization, further reducing its likelihood. For information disclosure or file injection, the attack is only possible if writes are enabled for the default servlet, partial PUT requests are supported, and sensitive file uploads occur within a publicly writable directory. The combination of all three of these conditions is uncommon in secure environments. Since most modern Tomcat deployments do not meet all these criteria simultaneously, the overall risk is reduced\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directly impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform. Satellite configuration does not contain affected parameters that would make Tomcat vulnerable, therefore, even if a vulnerable Tomcat version is shipped with affected RHEL release alongside Satellite, there is no chance of it being exposed to flaw in Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "RHBZ#2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq",
"url": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-03-10T16:44:03.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T12:03:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3683"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.3.src",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.3.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.3.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-04-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT"
}
]
}
RHSA-2025:3684
Vulnerability from csaf_redhat - Published: 2025-04-08 12:26 - Updated: 2026-05-10 14:26Summary
Red Hat Security Advisory: tomcat security update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.
8.1 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.
8.6 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)\n\n* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3684",
"url": "https://access.redhat.com/errata/RHSA-2025:3684"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3684.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2026-05-10T14:26:45+00:00",
"generator": {
"date": "2026-05-10T14:26:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:3684",
"initial_release_date": "2025-04-08T12:26:39+00:00",
"revision_history": [
{
"date": "2025-04-08T12:26:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-08T12:26:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:26:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_8.4.src",
"product": {
"name": "tomcat-1:9.0.87-1.el8_8.4.src",
"product_id": "tomcat-1:9.0.87-1.el8_8.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.4?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-webapps-1:9.0.87-1.el8_8.4.noarch",
"product": {
"name": "tomcat-webapps-1:9.0.87-1.el8_8.4.noarch",
"product_id": "tomcat-webapps-1:9.0.87-1.el8_8.4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_8.4?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-1:9.0.87-1.el8_8.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src"
},
"product_reference": "tomcat-1:9.0.87-1.el8_8.4.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-1:9.0.87-1.el8_8.4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
},
"product_reference": "tomcat-webapps-1:9.0.87-1.el8_8.4.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2024-12-17T13:00:50.363147+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332817"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: RCE due to TOCTOU issue in JSP compilation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw can only be exploited when the `readonly` initialization parameter value is set to `false`, when running on case insensitive file systems and when the application is under load, specifically when read and upload operations are performed on the same file simultaneously.\n\nThe default `readonly` initialization parameter value is `true` and not vulnerable to this issue.\n\nDue to the conditions for this issue to be exploited, especially because it requires unlikely configurations, this flaw has been rated with a Moderate severity.\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directed impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "RHBZ#2332817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332817"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50379"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
}
],
"release_date": "2024-12-17T12:34:54.827000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T12:26:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3684"
},
{
"category": "workaround",
"details": "Consider setting the readonly initialization parameter value to true (the default value), if that is not possible, do not use a case-insensitive file system.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: RCE due to TOCTOU issue in JSP compilation"
},
{
"cve": "CVE-2025-24813",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2025-03-10T17:00:47.696071+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled\u00a0Default Servlet\u00a0in Apache Tomcat. \n\nFor the vulnerability to be exploited, the following conditions must be true: writes to the default servlet are enabled (disabled by default), sensitive file uploads are sub-directories of a target URL for public uploads, attackers know the names of the files, and those files are subject to partial PUT uploads enabled by default. If an application uses file-based session persistence with default storage and includes exploitable libraries, remote code execution (RCE) is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Moderate impact (rather than Important) because it requires multiple non-default configurations to be exploitable, significantly limiting its impact in typical deployments. For remote code execution (RCE), exploitation requires both file-based session persistence and a library vulnerable to deserialization, further reducing its likelihood. For information disclosure or file injection, the attack is only possible if writes are enabled for the default servlet, partial PUT requests are supported, and sensitive file uploads occur within a publicly writable directory. The combination of all three of these conditions is uncommon in secure environments. Since most modern Tomcat deployments do not meet all these criteria simultaneously, the overall risk is reduced\n\nThe Tomcat package as shipped in Red Hat Enterprise Linux 6 and 7 is not affected by this vulnerability because the vulnerable code was introduced in a newer Tomcat version.\n\nRed Hat Satellite is not directly impacted by this issue as it does not include the affected Tomcat package. However, Tomcat is consumed by Candlepin, a component of Satellite. Red Hat Satellite users are advised to check the impact state of Red Hat Enterprise Linux as any necessary fixes will be distributed through the platform. Satellite configuration does not contain affected parameters that would make Tomcat vulnerable, therefore, even if a vulnerable Tomcat version is shipped with affected RHEL release alongside Satellite, there is no chance of it being exposed to flaw in Red Hat Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "RHBZ#2351129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24813"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq",
"url": "https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2025-03-10T16:44:03.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T12:26:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3684"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.4.src",
"AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.4.noarch",
"AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.4.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2025-04-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT"
}
]
}
SUSE-SU-2025:0033-1
Vulnerability from csaf_suse - Published: 2025-02-05 10:33 - Updated: 2025-02-05 10:33Summary
Security update for tomcat10
Severity
Important
Notes
Title of the patch: Security update for tomcat10
Description of the patch: This update for tomcat10 fixes the following issues:
Update to Tomcat 10.1.34
- Fixed CVEs:
+ CVE-2024-54677: DoS in examples web application (bsc#1234664)
+ CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
+ CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
+ CVE-2024-56337: RCE due to TOCTOU issue in JSP compilation - mitigation was incomplete
- Catalina
+ Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
+ Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
+ Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
+ Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
+ Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
+ Fix: The previous fix for inconsistent resource metadata during concurrent
reads and writes was incomplete. (markt)
+ Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm)
+ Fix: 69444: Ensure that the jakarta.servlet.error.message request
attribute is set when an application defined error page is called. (markt)
+ Fix: Avoid quotes for numeric values in the JSON generated by the status
servlet. (remm)
+ Add: Add strong ETag support for the WebDAV and default servlet, which can
be enabled by using the useStrongETags init parameter with a value set to
true. The ETag generated will be a SHA-1 checksum of the resource content.
(remm)
+ Fix: Use client locale for directory listings. (remm)
+ Fix: 69439: Improve the handling of multiple Cache-Control headers in the
ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
+ Fix: 69447: Update the support for caching classes the web application
class loader cannot find to take account of classes loaded from external
repositories. Prior to this fix, these classes could be incorrectly marked
as not found. (markt)
+ Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by
users will not be removed and any header present in a HEAD request will
also be present in the equivalent GET request. There may be some headers,
as per RFC 9110, section 9.3.2, that are present in a GET request that are
not present in the equivalent HEAD request. (markt)
+ Fix: 69471: Log instances of CloseNowException caught by
ApplicationDispatcher.invoke() at debug level rather than error level as
they are very likely to have been caused by a client disconnection or
similar I/O issue. (markt)
+ Add: Add a test case for the fix for 69442. Also refactor references to
application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.
(markt)
+ Fix: 69476: Catch possible ISE when trying to report PUT failure in the
DefaultServlet. (remm)
+ Add: Add support for RateLimit header fields for HTTP (draft) in the
RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
+ Add: #787: Add regression tests for 69478. Pull request provided by Thomas
Krisch. (markt)
+ Fix: The default servlet now rejects HTTP range requests when two or more
of the requested ranges overlap. Based on pull request #782 provided by
Chenjp. (markt)
+ Fix: Enhance Content-Range verification for partial PUT requests handled
by the default servlet. Provided by Chenjp in pull request #778. (markt)
+ Fix: Harmonize DataSourceStore lookup in the global resources to
optionally avoid the comp/env prefix which is usually not used there.
(remm)
+ Fix: As required by RFC 9110, the HTTP Range header will now only be
processed for GET requests. Based on pull request #790 provided by Chenjp.
(markt)
+ Fix: Deprecate the useAcceptRanges initialisation parameter for the
default servlet. It will be removed in Tomcat 12 onwards where it will
effectively be hard coded to true. (markt)
+ Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
+ Fix: Align encodedSolidusHandling with the Servlet specification. If the
pass-through mode is used, any %25 sequences will now also be passed
through to avoid errors and/or corruption when the application decodes the
path. (markt)
- Jasper
+ Fix: Follow-up to the fix for 69381. Apply the optimisation for method
lookup performance in expression language to an additional location.
(markt)
- Web applications
+ Fix: Documentation. Remove references to the ResourceParams element.
Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
+ Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.
The attribute is internalProxies rather than allowedInternalProxies. Pull
request #786 (markt)
+ Fix: Examples. Fix broken links when Servlet Request Info example is
called via a URL that includes a pathInfo component. (markt)
+ Fix: Examples. Expand the obfuscation of session cookie values in the
request header example to JSON responses. (markt)
+ Add: Examples. Add the ability to delete session attributes in the servlet
session example. (markt)
+ Add: Examples. Add a hard coded limit of 10 attributes per session for the
servlet session example. (markt)
+ Add: Examples. Add the ability to delete session attributes and add a hard
coded limit of 10 attributes per session for the JSP form authentication
example. (markt)
+ Add: Examples. Limit the shopping cart example to only allow adding the
pre-defined items to the cart. (markt)
+ Fix: Examples. Remove JSP calendar example. (markt)
- Other
+ Fix: 69465: Fix warnings during native image compilation using the Tomcat
embedded JARs. (markt)
+ Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
+ Update: Update EasyMock to 5.5.0. (markt)
+ Update: Update Checkstyle to 10.20.2. (markt)
+ Update: Update BND to 7.1.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Korean translations. (markt)
+ Add: Improvements to Chinese translations. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
Patchnames: SUSE-2025-33,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-33,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-33,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-33,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-33,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-33,openSUSE-SLE-15.6-2025-33
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat10 fixes the following issues:\n\nUpdate to Tomcat 10.1.34\n\n- Fixed CVEs:\n + CVE-2024-54677: DoS in examples web application (bsc#1234664)\n + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663) \n + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)\n + CVE-2024-56337: RCE due to TOCTOU issue in JSP compilation - mitigation was incomplete\n- Catalina\n + Add: Add option to serve resources from subpath only with WebDAV Servlet\n like with DefaultServlet. (michaelo)\n + Fix: Add special handling for the protocols attribute of SSLHostConfig in\n storeconfig. (remm)\n + Fix: 69442: Fix case sensitive check on content-type when parsing request\n parameters. (remm)\n + Code: Refactor duplicate code for extracting media type and subtype from\n content-type into a single method. (markt)\n + Fix: Compatibility of generated embedded code with components where\n constructors or property related methods throw a checked exception. (remm)\n + Fix: The previous fix for inconsistent resource metadata during concurrent\n reads and writes was incomplete. (markt)\n + Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm)\n + Fix: 69444: Ensure that the jakarta.servlet.error.message request\n attribute is set when an application defined error page is called. (markt)\n + Fix: Avoid quotes for numeric values in the JSON generated by the status\n servlet. (remm)\n + Add: Add strong ETag support for the WebDAV and default servlet, which can\n be enabled by using the useStrongETags init parameter with a value set to\n true. The ETag generated will be a SHA-1 checksum of the resource content.\n (remm)\n + Fix: Use client locale for directory listings. (remm)\n + Fix: 69439: Improve the handling of multiple Cache-Control headers in the\n ExpiresFilter. Based on pull request #777 by Chenjp. (markt)\n + Fix: 69447: Update the support for caching classes the web application\n class loader cannot find to take account of classes loaded from external\n repositories. Prior to this fix, these classes could be incorrectly marked\n as not found. (markt)\n + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by\n users will not be removed and any header present in a HEAD request will\n also be present in the equivalent GET request. There may be some headers,\n as per RFC 9110, section 9.3.2, that are present in a GET request that are\n not present in the equivalent HEAD request. (markt)\n + Fix: 69471: Log instances of CloseNowException caught by\n ApplicationDispatcher.invoke() at debug level rather than error level as\n they are very likely to have been caused by a client disconnection or\n similar I/O issue. (markt)\n + Add: Add a test case for the fix for 69442. Also refactor references to\n application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.\n (markt)\n + Fix: 69476: Catch possible ISE when trying to report PUT failure in the\n DefaultServlet. (remm)\n + Add: Add support for RateLimit header fields for HTTP (draft) in the\n RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)\n + Add: #787: Add regression tests for 69478. Pull request provided by Thomas\n Krisch. (markt)\n + Fix: The default servlet now rejects HTTP range requests when two or more\n of the requested ranges overlap. Based on pull request #782 provided by\n Chenjp. (markt)\n + Fix: Enhance Content-Range verification for partial PUT requests handled\n by the default servlet. Provided by Chenjp in pull request #778. (markt)\n + Fix: Harmonize DataSourceStore lookup in the global resources to\n optionally avoid the comp/env prefix which is usually not used there.\n (remm)\n + Fix: As required by RFC 9110, the HTTP Range header will now only be\n processed for GET requests. Based on pull request #790 provided by Chenjp.\n (markt)\n + Fix: Deprecate the useAcceptRanges initialisation parameter for the\n default servlet. It will be removed in Tomcat 12 onwards where it will\n effectively be hard coded to true. (markt)\n + Add: Add DataSource based property storage for the WebdavServlet. (remm)\n- Coyote\n + Fix: Align encodedSolidusHandling with the Servlet specification. If the\n pass-through mode is used, any %25 sequences will now also be passed\n through to avoid errors and/or corruption when the application decodes the\n path. (markt)\n- Jasper\n + Fix: Follow-up to the fix for 69381. Apply the optimisation for method\n lookup performance in expression language to an additional location.\n (markt)\n- Web applications\n + Fix: Documentation. Remove references to the ResourceParams element.\n Support for ResourceParams was removed in Tomcat 5.5.x. (markt)\n + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.\n The attribute is internalProxies rather than allowedInternalProxies. Pull\n request #786 (markt)\n + Fix: Examples. Fix broken links when Servlet Request Info example is\n called via a URL that includes a pathInfo component. (markt)\n + Fix: Examples. Expand the obfuscation of session cookie values in the\n request header example to JSON responses. (markt)\n + Add: Examples. Add the ability to delete session attributes in the servlet\n session example. (markt)\n + Add: Examples. Add a hard coded limit of 10 attributes per session for the\n servlet session example. (markt)\n + Add: Examples. Add the ability to delete session attributes and add a hard\n coded limit of 10 attributes per session for the JSP form authentication\n example. (markt)\n + Add: Examples. Limit the shopping cart example to only allow adding the\n pre-defined items to the cart. (markt)\n + Fix: Examples. Remove JSP calendar example. (markt)\n- Other\n + Fix: 69465: Fix warnings during native image compilation using the Tomcat\n embedded JARs. (markt)\n + Update: Update Tomcat\u0027s fork of Commons DBCP to 2.13.0. (markt)\n + Update: Update EasyMock to 5.5.0. (markt)\n + Update: Update Checkstyle to 10.20.2. (markt)\n + Update: Update BND to 7.1.0. (markt)\n + Add: Improvements to French translations. (remm)\n + Add: Improvements to Korean translations. (markt)\n + Add: Improvements to Chinese translations. (markt)\n + Add: Improvements to Japanese translations by tak7iji. (markt) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-33,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-33,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-33,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-33,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-33,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-33,openSUSE-SLE-15.6-2025-33",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0033-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0033-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250033-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0033-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020069.html"
},
{
"category": "self",
"summary": "SUSE Bug 1233435",
"url": "https://bugzilla.suse.com/1233435"
},
{
"category": "self",
"summary": "SUSE Bug 1234663",
"url": "https://bugzilla.suse.com/1234663"
},
{
"category": "self",
"summary": "SUSE Bug 1234664",
"url": "https://bugzilla.suse.com/1234664"
},
{
"category": "self",
"summary": "SUSE Bug 1236809",
"url": "https://bugzilla.suse.com/1236809"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52317 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56337/"
}
],
"title": "Security update for tomcat10",
"tracking": {
"current_release_date": "2025-02-05T10:33:06Z",
"generator": {
"date": "2025-02-05T10:33:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0033-1",
"initial_release_date": "2025-02-05T10:33:06Z",
"revision_history": [
{
"date": "2025-02-05T10:33:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-doc-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-embed-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-jsvc-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-lib-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"product": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"product_id": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-doc-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-embed-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-jsvc-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-lib-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
},
"product_reference": "tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:33:06Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52317"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests \ncould lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52317",
"url": "https://www.suse.com/security/cve/CVE-2024-52317"
},
{
"category": "external",
"summary": "SUSE Bug 1233435 for CVE-2024-52317",
"url": "https://bugzilla.suse.com/1233435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:33:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-52317"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:33:06Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56337"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nThe mitigation for CVE-2024-50379 was incomplete.\n\nUsers running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation \nparameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:\n- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)\n- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)\n- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)\n\nTomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56337",
"url": "https://www.suse.com/security/cve/CVE-2024-56337"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-56337",
"url": "https://bugzilla.suse.com/1234663"
},
{
"category": "external",
"summary": "SUSE Bug 1236809 for CVE-2024-56337",
"url": "https://bugzilla.suse.com/1236809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-admin-webapps-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-doc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-docs-webapp-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-el-5_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-embed-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-jsvc-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-lib-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1.noarch",
"openSUSE Leap 15.6:tomcat10-webapps-10.1.34-150200.5.31.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:33:06Z",
"details": "important"
}
],
"title": "CVE-2024-56337"
}
]
}
SUSE-SU-2025:0058-1
Vulnerability from csaf_suse - Published: 2025-02-05 10:34 - Updated: 2025-02-05 10:34Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.98
- Fixed CVEs:
+ CVE-2024-54677: DoS in examples web application (bsc#1234664)
+ CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
+ CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
+ Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
+ Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
+ Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
+ Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
+ Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
+ Fix: The previous fix for inconsistent resource metadata during concurrent
reads and writes was incomplete. (markt)
+ Fix: 69444: Ensure that the javax.servlet.error.message request attribute
is set when an application defined error page is called. (markt)
+ Fix: Avoid quotes for numeric values in the JSON generated by the status
servlet. (remm)
+ Add: Add strong ETag support for the WebDAV and default servlet, which can
be enabled by using the useStrongETags init parameter with a value set to
true. The ETag generated will be a SHA-1 checksum of the resource content.
(remm)
+ Fix: Use client locale for directory listings. (remm)
+ Fix: 69439: Improve the handling of multiple Cache-Control headers in the
ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
+ Fix: 69447: Update the support for caching classes the web application
class loader cannot find to take account of classes loaded from external
repositories. Prior to this fix, these classes could be incorrectly marked
as not found. (markt)
+ Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by
users will not be removed and any header present in a HEAD request will
also be present in the equivalent GET request. There may be some headers,
as per RFC 9110, section 9.3.2, that are present in a GET request that are
not present in the equivalent HEAD request. (markt)
+ Fix: 69471: Log instances of CloseNowException caught by
ApplicationDispatcher.invoke() at debug level rather than error level as
they are very likely to have been caused by a client disconnection or
similar I/O issue. (markt)
+ Add: Add a test case for the fix for 69442. Also refactor references to
application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.
(markt)
+ Fix: 69476: Catch possible ISE when trying to report PUT failure in the
DefaultServlet. (remm)
+ Add: Add support for RateLimit header fields for HTTP (draft) in the
RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
+ Add: #787: Add regression tests for 69478. Pull request provided by Thomas
Krisch. (markt)
+ Fix: The default servlet now rejects HTTP range requests when two or more
of the requested ranges overlap. Based on pull request #782 provided by
Chenjp. (markt)
+ Fix: Enhance Content-Range verification for partial PUT requests handled
by the default servlet. Provided by Chenjp in pull request #778. (markt)
+ Fix: Harmonize DataSourceStore lookup in the global resources to
optionally avoid the comp/env prefix which is usually not used there.
(remm)
+ Fix: As required by RFC 9110, the HTTP Range header will now only be
processed for GET requests. Based on pull request #790 provided by Chenjp.
(markt)
+ Fix: Deprecate the useAcceptRanges initialisation parameter for the
default servlet. It will be removed in Tomcat 12 onwards where it will
effectively be hard coded to true. (markt)
+ Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
+ Fix: Align encodedSolidusHandling with the Servlet specification. If the
pass-through mode is used, any %25 sequences will now also be passed
through to avoid errors and/or corruption when the application decodes the
path. (markt)
- Jasper
+ Fix: Further optimise EL evaluation of method parameters. Patch provided
by Paolo B. (markt)
+ Fix: Follow-up to the fix for 69381. Apply the optimisation for method
lookup performance in expression language to an additional location.
(markt)
- Web applications
+ Fix: Documentation. Remove references to the ResourceParams element.
Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
+ Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.
The attribute is internalProxies rather than allowedInternalProxies. Pull
request #786 (markt)
+ Fix: Examples. Fix broken links when Servlet Request Info example is
called via a URL that includes a pathInfo component. (markt)
+ Fix: Examples. Expand the obfuscation of session cookie values in the
request header example to JSON responses. (markt)
+ Add: Examples. Add the ability to delete session attributes in the servlet
session example. (markt)
+ Add: Examples. Add a hard coded limit of 10 attributes per session for the
servlet session example. (markt)
+ Add: Examples. Add the ability to delete session attributes and add a hard
coded limit of 10 attributes per session for the JSP form authentication
example. (markt)
+ Add: Examples. Limit the shopping cart example to only allow adding the
pre-defined items to the cart. (markt)
+ Fix: Examples. Remove JSP calendar example. (markt)
- Other
+ Fix: 69465: Fix warnings during native image compilation using the Tomcat
embedded JARs. (markt)
+ Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
+ Update: Update EasyMock to 5.5.0. (markt)
+ Update: Update Checkstyle to 10.20.2. (markt)
+ Update: Update BND to 7.1.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Korean translations. (markt)
+ Add: Improvements to Chinese translations. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
Patchnames: SUSE-2025-58,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-58,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-58,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-58,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-58,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-58,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-58,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-58,SUSE-Storage-7.1-2025-58,openSUSE-SLE-15.6-2025-58
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
109 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
109 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
109 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
109 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.98\n\n- Fixed CVEs:\n + CVE-2024-54677: DoS in examples web application (bsc#1234664)\n + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)\n + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)\n- Catalina\n + Add: Add option to serve resources from subpath only with WebDAV Servlet\n like with DefaultServlet. (michaelo)\n + Fix: Add special handling for the protocols attribute of SSLHostConfig in\n storeconfig. (remm)\n + Fix: 69442: Fix case sensitive check on content-type when parsing request\n parameters. (remm)\n + Code: Refactor duplicate code for extracting media type and subtype from\n content-type into a single method. (markt)\n + Fix: Compatibility of generated embedded code with components where\n constructors or property related methods throw a checked exception. (remm)\n + Fix: The previous fix for inconsistent resource metadata during concurrent\n reads and writes was incomplete. (markt)\n + Fix: 69444: Ensure that the javax.servlet.error.message request attribute\n is set when an application defined error page is called. (markt)\n + Fix: Avoid quotes for numeric values in the JSON generated by the status\n servlet. (remm)\n + Add: Add strong ETag support for the WebDAV and default servlet, which can\n be enabled by using the useStrongETags init parameter with a value set to\n true. The ETag generated will be a SHA-1 checksum of the resource content.\n (remm)\n + Fix: Use client locale for directory listings. (remm)\n + Fix: 69439: Improve the handling of multiple Cache-Control headers in the\n ExpiresFilter. Based on pull request #777 by Chenjp. (markt)\n + Fix: 69447: Update the support for caching classes the web application\n class loader cannot find to take account of classes loaded from external\n repositories. Prior to this fix, these classes could be incorrectly marked\n as not found. (markt)\n + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by\n users will not be removed and any header present in a HEAD request will\n also be present in the equivalent GET request. There may be some headers,\n as per RFC 9110, section 9.3.2, that are present in a GET request that are\n not present in the equivalent HEAD request. (markt)\n + Fix: 69471: Log instances of CloseNowException caught by\n ApplicationDispatcher.invoke() at debug level rather than error level as\n they are very likely to have been caused by a client disconnection or\n similar I/O issue. (markt)\n + Add: Add a test case for the fix for 69442. Also refactor references to\n application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.\n (markt)\n + Fix: 69476: Catch possible ISE when trying to report PUT failure in the\n DefaultServlet. (remm)\n + Add: Add support for RateLimit header fields for HTTP (draft) in the\n RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)\n + Add: #787: Add regression tests for 69478. Pull request provided by Thomas\n Krisch. (markt)\n + Fix: The default servlet now rejects HTTP range requests when two or more\n of the requested ranges overlap. Based on pull request #782 provided by\n Chenjp. (markt)\n + Fix: Enhance Content-Range verification for partial PUT requests handled\n by the default servlet. Provided by Chenjp in pull request #778. (markt)\n + Fix: Harmonize DataSourceStore lookup in the global resources to\n optionally avoid the comp/env prefix which is usually not used there.\n (remm)\n + Fix: As required by RFC 9110, the HTTP Range header will now only be\n processed for GET requests. Based on pull request #790 provided by Chenjp.\n (markt)\n + Fix: Deprecate the useAcceptRanges initialisation parameter for the\n default servlet. It will be removed in Tomcat 12 onwards where it will\n effectively be hard coded to true. (markt)\n + Add: Add DataSource based property storage for the WebdavServlet. (remm)\n- Coyote\n + Fix: Align encodedSolidusHandling with the Servlet specification. If the\n pass-through mode is used, any %25 sequences will now also be passed\n through to avoid errors and/or corruption when the application decodes the\n path. (markt)\n- Jasper\n + Fix: Further optimise EL evaluation of method parameters. Patch provided\n by Paolo B. (markt)\n + Fix: Follow-up to the fix for 69381. Apply the optimisation for method\n lookup performance in expression language to an additional location.\n (markt)\n- Web applications\n + Fix: Documentation. Remove references to the ResourceParams element.\n Support for ResourceParams was removed in Tomcat 5.5.x. (markt)\n + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.\n The attribute is internalProxies rather than allowedInternalProxies. Pull\n request #786 (markt)\n + Fix: Examples. Fix broken links when Servlet Request Info example is\n called via a URL that includes a pathInfo component. (markt)\n + Fix: Examples. Expand the obfuscation of session cookie values in the\n request header example to JSON responses. (markt)\n + Add: Examples. Add the ability to delete session attributes in the servlet\n session example. (markt)\n + Add: Examples. Add a hard coded limit of 10 attributes per session for the\n servlet session example. (markt)\n + Add: Examples. Add the ability to delete session attributes and add a hard\n coded limit of 10 attributes per session for the JSP form authentication\n example. (markt)\n + Add: Examples. Limit the shopping cart example to only allow adding the\n pre-defined items to the cart. (markt)\n + Fix: Examples. Remove JSP calendar example. (markt)\n- Other\n + Fix: 69465: Fix warnings during native image compilation using the Tomcat\n embedded JARs. (markt)\n + Update: Update Tomcat\u0027s fork of Commons DBCP to 2.13.0. (markt)\n + Update: Update EasyMock to 5.5.0. (markt)\n + Update: Update Checkstyle to 10.20.2. (markt)\n + Update: Update BND to 7.1.0. (markt)\n + Add: Improvements to French translations. (remm)\n + Add: Improvements to Korean translations. (markt)\n + Add: Improvements to Chinese translations. (markt)\n + Add: Improvements to Japanese translations by tak7iji. (markt)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-58,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-58,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-58,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-58,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-58,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-58,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-58,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-58,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-58,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-58,SUSE-Storage-7.1-2025-58,openSUSE-SLE-15.6-2025-58",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0058-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020086.html"
},
{
"category": "self",
"summary": "SUSE Bug 1233435",
"url": "https://bugzilla.suse.com/1233435"
},
{
"category": "self",
"summary": "SUSE Bug 1234663",
"url": "https://bugzilla.suse.com/1234663"
},
{
"category": "self",
"summary": "SUSE Bug 1234664",
"url": "https://bugzilla.suse.com/1234664"
},
{
"category": "self",
"summary": "SUSE Bug 1236809",
"url": "https://bugzilla.suse.com/1236809"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52317 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56337/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-02-05T10:34:01Z",
"generator": {
"date": "2025-02-05T10:34:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0058-1",
"initial_release_date": "2025-02-05T10:34:01Z",
"revision_history": [
{
"date": "2025-02-05T10:34:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-embed-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-embed-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-javadoc-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-jsvc-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-lib-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"product_id": "tomcat-webapps-9.0.98-150200.74.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-embed-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-embed-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-jsvc-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-lib-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.98-150200.74.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.98-150200.74.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:34:01Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52317"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests \ncould lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52317",
"url": "https://www.suse.com/security/cve/CVE-2024-52317"
},
{
"category": "external",
"summary": "SUSE Bug 1233435 for CVE-2024-52317",
"url": "https://bugzilla.suse.com/1233435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:34:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-52317"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:34:01Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56337"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nThe mitigation for CVE-2024-50379 was incomplete.\n\nUsers running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation \nparameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:\n- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)\n- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)\n- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)\n\nTomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56337",
"url": "https://www.suse.com/security/cve/CVE-2024-56337"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-56337",
"url": "https://bugzilla.suse.com/1234663"
},
{
"category": "external",
"summary": "SUSE Bug 1236809 for CVE-2024-56337",
"url": "https://bugzilla.suse.com/1236809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-lib-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"SUSE Manager Server 4.3:tomcat-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-admin-webapps-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-docs-webapp-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-embed-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-javadoc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-jsvc-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-lib-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch",
"openSUSE Leap 15.6:tomcat-webapps-9.0.98-150200.74.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-05T10:34:01Z",
"details": "important"
}
],
"title": "CVE-2024-56337"
}
]
}
SUSE-SU-2025:0394-1
Vulnerability from csaf_suse - Published: 2025-02-10 07:34 - Updated: 2025-02-10 07:34Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
- CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc#1234663).
- CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc#1234664).
Patchnames: SUSE-2025-394,SUSE-SLE-SERVER-12-SP5-LTSS-2025-394,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-394
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\n- CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc#1234663).\n- CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc#1234664).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-394,SUSE-SLE-SERVER-12-SP5-LTSS-2025-394,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-394",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0394-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0394-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250394-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0394-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020292.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234663",
"url": "https://bugzilla.suse.com/1234663"
},
{
"category": "self",
"summary": "SUSE Bug 1234664",
"url": "https://bugzilla.suse.com/1234664"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2025-02-10T07:34:42Z",
"generator": {
"date": "2025-02-10T07:34:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0394-1",
"initial_release_date": "2025-02-10T07:34:42Z",
"revision_history": [
{
"date": "2025-02-10T07:34:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-9.0.36-3.136.1.noarch",
"product_id": "tomcat-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-embed-9.0.36-3.136.1.noarch",
"product_id": "tomcat-embed-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.36-3.136.1.noarch",
"product_id": "tomcat-javadoc-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.36-3.136.1.noarch",
"product_id": "tomcat-jsvc-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-lib-9.0.36-3.136.1.noarch",
"product_id": "tomcat-lib-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.36-3.136.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.36-3.136.1.noarch",
"product_id": "tomcat-webapps-9.0.36-3.136.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-lib-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.36-3.136.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.36-3.136.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T07:34:42Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.36-3.136.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.36-3.136.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-10T07:34:42Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
162 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
WID-SEC-W-2024-3722
Vulnerability from csaf_certbund - Published: 2024-12-17 23:00 - Updated: 2026-03-26 23:00Summary
Apache Tomcat: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuführen und einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme: - Linux
- NetApp Appliance
- UNIX
- Windows
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source GStreamer ExtremeControl SE <24.10.13
Open Source / GStreamer
|
ExtremeControl SE <24.10.13 | ||
|
Open Source GStreamer ExtremeAnalytics SE <24.10.13
Open Source / GStreamer
|
ExtremeAnalytics SE <24.10.13 | ||
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Integration Bus
IBM
|
cpe:/a:ibm:integration_bus:for_zos
|
— | |
|
NetApp ActiveIQ Unified Manager for Microsoft Windows
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows
|
for Microsoft Windows | |
|
Open Source Camunda <7.21.8
Open Source / Camunda
|
<7.21.8 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source Camunda <7.20.11
Open Source / Camunda
|
<7.20.11 | ||
|
Apache Tomcat <10.1.34
Apache / Tomcat
|
<10.1.34 | ||
|
Apache Tomcat <11.0.2
Apache / Tomcat
|
<11.0.2 | ||
|
Apache Tomcat <9.0.98
Apache / Tomcat
|
<9.0.98 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
NetApp ActiveIQ Unified Manager for Linux
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_linux
|
for Linux | |
|
SUSE openSUSE
SUSE / openSUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Atlassian Confluence Data Center and Server <8.5.19
Atlassian / Confluence
|
Data Center and Server <8.5.19 | ||
|
Dell NetWorker <19.13.0.1
Dell / NetWorker
|
<19.13.0.1 | ||
|
Atlassian Confluence Data Center and Server <9.2.1
Atlassian / Confluence
|
Data Center and Server <9.2.1 | ||
|
Open Source Camunda <7.23.0-alpha4
Open Source / Camunda
|
<7.23.0-alpha4 | ||
|
ATOSS Staff Efficiency Suite
ATOSS
|
cpe:/a:atoss:staff_efficiency_suite:-
|
— | |
|
Open Source Camunda <7.22.3
Open Source / Camunda
|
<7.22.3 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Web Server <5.8.4
Red Hat / JBoss Web Server
|
<5.8.4 | ||
|
SUSE openSUSE
SUSE / openSUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source GStreamer ExtremeControl SE <24.10.13
Open Source / GStreamer
|
ExtremeControl SE <24.10.13 | ||
|
Open Source GStreamer ExtremeAnalytics SE <24.10.13
Open Source / GStreamer
|
ExtremeAnalytics SE <24.10.13 | ||
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
IBM Integration Bus
IBM
|
cpe:/a:ibm:integration_bus:for_zos
|
— | |
|
NetApp ActiveIQ Unified Manager for Microsoft Windows
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows
|
for Microsoft Windows | |
|
Open Source Camunda <7.21.8
Open Source / Camunda
|
<7.21.8 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source Camunda <7.20.11
Open Source / Camunda
|
<7.20.11 | ||
|
Apache Tomcat <10.1.34
Apache / Tomcat
|
<10.1.34 | ||
|
Apache Tomcat <11.0.2
Apache / Tomcat
|
<11.0.2 | ||
|
Apache Tomcat <9.0.98
Apache / Tomcat
|
<9.0.98 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
NetApp ActiveIQ Unified Manager for Linux
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_linux
|
for Linux | |
|
SUSE openSUSE
SUSE / openSUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Atlassian Confluence Data Center and Server <8.5.19
Atlassian / Confluence
|
Data Center and Server <8.5.19 | ||
|
Dell NetWorker <19.13.0.1
Dell / NetWorker
|
<19.13.0.1 | ||
|
Atlassian Confluence Data Center and Server <9.2.1
Atlassian / Confluence
|
Data Center and Server <9.2.1 | ||
|
Open Source Camunda <7.23.0-alpha4
Open Source / Camunda
|
<7.23.0-alpha4 | ||
|
ATOSS Staff Efficiency Suite
ATOSS
|
cpe:/a:atoss:staff_efficiency_suite:-
|
— | |
|
Open Source Camunda <7.22.3
Open Source / Camunda
|
<7.22.3 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP11 IF01
IBM / QRadar SIEM
|
<7.5.0 UP11 IF01 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat JBoss Web Server <5.8.4
Red Hat / JBoss Web Server
|
<5.8.4 | ||
|
SUSE openSUSE
SUSE / openSUSE
|
cpe:/o:suse:opensuse:-
|
— |
References
55 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Tomcat ist ein Web-Applikationsserver f\u00fcr verschiedene Plattformen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Tomcat ausnutzen, um beliebigen Programmcode auszuf\u00fchren und einen Denial-of-Service-Zustand zu erzeugen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- NetApp Appliance\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3722 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3722.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3722 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3722"
},
{
"category": "external",
"summary": "Apache Mailing List vom 2024-12-17",
"url": "https://lists.apache.org/thread/tdtbbxpg5trdwc2wnopcth9ccvdftq2n"
},
{
"category": "external",
"summary": "Apache Mailing List vom 2024-12-17",
"url": "https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2024-12-17",
"url": "https://github.com/advisories/GHSA-5j33-cvvr-w245"
},
{
"category": "external",
"summary": "GitHub Advisory Database vom 2024-12-17",
"url": "https://github.com/advisories/GHSA-653p-vg55-5652"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20250103-0003 vom 2025-01-03",
"url": "https://security.netapp.com/advisory/ntap-20250103-0003/"
},
{
"category": "external",
"summary": "SUSE Security Update vom 2025-01-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/R2IT7I6R7IICWNFTQM2VQTVL5JMUZMA4/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14623-1 vom 2025-01-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BW77WQOC353TC34OPBAFJ7NIG6GAGCA5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0058-1 vom 2025-01-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BU742OOISJIJHU3XWFKULNL4LCEVGEXC/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7180700 vom 2025-01-10",
"url": "https://www.ibm.com/support/pages/node/7180700"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4017 vom 2025-01-17",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00009.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0362 vom 2025-01-16",
"url": "https://access.redhat.com/errata/RHSA-2025:0362"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0361 vom 2025-01-16",
"url": "https://access.redhat.com/errata/RHSA-2025:0361"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5845 vom 2025-01-17",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00007.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0342 vom 2025-01-21",
"url": "https://access.redhat.com/errata/RHSA-2025:0342"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0343 vom 2025-01-21",
"url": "https://access.redhat.com/errata/RHSA-2025:0343"
},
{
"category": "external",
"summary": "ExtremeNetworks Vulnerability Notice SA-2025-007 vom 2025-01-23",
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000122669"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASTOMCAT9-2025-015 vom 2025-01-24",
"url": "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2025-015.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0394-1 vom 2025-02-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020292.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin",
"url": "https://confluence.atlassian.com/security/security-bulletin-february-18-2025-1510670627.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7183584 vom 2025-02-18",
"url": "https://www.ibm.com/support/pages/node/7183584"
},
{
"category": "external",
"summary": "ATOSS Security News vom 2025-02-21",
"url": "https://www.atoss.ch/de-ch/sicherheit/security-news"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1920 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1920"
},
{
"category": "external",
"summary": "Camunda Security Notice vom 2025-03-10",
"url": "https://docs.camunda.org/security/notices/#notice-130"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-3645 vom 2025-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-3645.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3609 vom 2025-04-07",
"url": "https://access.redhat.com/errata/RHSA-2025:3609"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3647 vom 2025-04-07",
"url": "https://access.redhat.com/errata/RHSA-2025:3647"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3646 vom 2025-04-07",
"url": "https://access.redhat.com/errata/RHSA-2025:3646"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3608 vom 2025-04-08",
"url": "https://access.redhat.com/errata/RHSA-2025:3608"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3645 vom 2025-04-07",
"url": "https://access.redhat.com/errata/RHSA-2025:3645"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-3683 vom 2025-04-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-3683.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3683 vom 2025-04-08",
"url": "https://access.redhat.com/errata/RHSA-2025:3683"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2829 vom 2025-04-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2829.html"
},
{
"category": "external",
"summary": "PoC CVE-2024-50379 vom 2025-04-24",
"url": "https://github.com/iSee857/CVE-2024-50379-PoC/blob/main/ApachTomcat_CVE-2024-50379_ConditionalCompetitionToRce.py"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4521 vom 2025-05-08",
"url": "https://access.redhat.com/errata/RHSA-2025:4521"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4522 vom 2025-05-08",
"url": "https://access.redhat.com/errata/RHSA-2025:4522"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7497 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7497"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2TOMCAT9-2025-015 vom 2025-07-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2TOMCAT9-2025-015.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7497 vom 2025-06-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-7497.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11334 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11334"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11335 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11333 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11333"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11335 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11335.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11333 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11333.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11332 vom 2025-07-16",
"url": "https://access.redhat.com/errata/RHSA-2025:11332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:11382 vom 2025-07-17",
"url": "https://access.redhat.com/errata/RHSA-2025:11382"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11332 vom 2025-07-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-11332.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4244 vom 2025-07-22",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7705-1 vom 2025-08-20",
"url": "https://ubuntu.com/security/notices/USN-7705-1"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-309 vom 2025-09-08",
"url": "https://www.dell.com/support/kbdoc/de-de/000362754/dsa-2025-309-security-update-for-dell-networker-apache-tomcat-vulnerabilities"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:7497 vom 2025-10-03",
"url": "https://errata.build.resf.org/RLSA-2025:7497"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1058-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
}
],
"source_lang": "en-US",
"title": "Apache Tomcat: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:41:33.979+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3722",
"initial_release_date": "2024-12-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-18T23:00:00.000+00:00",
"number": "2",
"summary": "Anpassung CVSS Bewertung bei CVE-2024-50379 wg. Angriffskomplexit\u00e4t \"hoch\""
},
{
"date": "2025-01-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-01-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-16T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von ExtremeNetworks aufgenommen"
},
{
"date": "2025-01-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-10T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "21",
"summary": "PoC f\u00fcr CVE-2024-50379 aufgenommen"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-06-30T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon und Oracle Linux aufgenommen"
},
{
"date": "2025-07-16T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "33"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ATOSS Staff Efficiency Suite",
"product": {
"name": "ATOSS Staff Efficiency Suite",
"product_id": "T041371",
"product_identification_helper": {
"cpe": "cpe:/a:atoss:staff_efficiency_suite:-"
}
}
}
],
"category": "vendor",
"name": "ATOSS"
},
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.2",
"product": {
"name": "Apache Tomcat \u003c11.0.2",
"product_id": "T039886"
}
},
{
"category": "product_version",
"name": "11.0.2",
"product": {
"name": "Apache Tomcat 11.0.2",
"product_id": "T039886-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:11.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.34",
"product": {
"name": "Apache Tomcat \u003c10.1.34",
"product_id": "T039887"
}
},
{
"category": "product_version",
"name": "10.1.34",
"product": {
"name": "Apache Tomcat 10.1.34",
"product_id": "T039887-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:10.1.34"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.98",
"product": {
"name": "Apache Tomcat \u003c9.0.98",
"product_id": "T039888"
}
},
{
"category": "product_version",
"name": "9.0.98",
"product": {
"name": "Apache Tomcat 9.0.98",
"product_id": "T039888-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:tomcat:9.0.98"
}
}
}
],
"category": "product_name",
"name": "Tomcat"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.2.1",
"product": {
"name": "Atlassian Confluence Data Center and Server \u003c9.2.1",
"product_id": "T041273"
}
},
{
"category": "product_version",
"name": "Data Center and Server 9.2.1",
"product": {
"name": "Atlassian Confluence Data Center and Server 9.2.1",
"product_id": "T041273-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_and_server__9.2.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c8.5.19",
"product": {
"name": "Atlassian Confluence Data Center and Server \u003c8.5.19",
"product_id": "T041274"
}
},
{
"category": "product_version",
"name": "Data Center and Server 8.5.19",
"product": {
"name": "Atlassian Confluence Data Center and Server 8.5.19",
"product_id": "T041274-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_and_server__8.5.19"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.13.0.1",
"product": {
"name": "Dell NetWorker \u003c19.13.0.1",
"product_id": "T046768"
}
},
{
"category": "product_version",
"name": "19.13.0.1",
"product": {
"name": "Dell NetWorker 19.13.0.1",
"product_id": "T046768-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.13.0.1"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Integration Bus",
"product": {
"name": "IBM Integration Bus",
"product_id": "T039654",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:for_zos"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP11 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP11 IF01",
"product_id": "T041270"
}
},
{
"category": "product_version",
"name": "7.5.0 UP11 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP11 IF01",
"product_id": "T041270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up11_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for Linux",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Linux",
"product_id": "T023548",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux"
}
}
},
{
"category": "product_version",
"name": "for VMware vSphere",
"product": {
"name": "NetApp ActiveIQ Unified Manager for VMware vSphere",
"product_id": "T025152",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
}
}
},
{
"category": "product_version",
"name": "for Microsoft Windows",
"product": {
"name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
"product_id": "T025631",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.20.11",
"product": {
"name": "Open Source Camunda \u003c7.20.11",
"product_id": "T041688"
}
},
{
"category": "product_version",
"name": "7.20.11",
"product": {
"name": "Open Source Camunda 7.20.11",
"product_id": "T041688-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.20.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.21.8",
"product": {
"name": "Open Source Camunda \u003c7.21.8",
"product_id": "T041689"
}
},
{
"category": "product_version",
"name": "7.21.8",
"product": {
"name": "Open Source Camunda 7.21.8",
"product_id": "T041689-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.21.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.22.3",
"product": {
"name": "Open Source Camunda \u003c7.22.3",
"product_id": "T041690"
}
},
{
"category": "product_version",
"name": "7.22.3",
"product": {
"name": "Open Source Camunda 7.22.3",
"product_id": "T041690-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.23.0-alpha4",
"product": {
"name": "Open Source Camunda \u003c7.23.0-alpha4",
"product_id": "T041691"
}
},
{
"category": "product_version",
"name": "7.23.0-alpha4",
"product": {
"name": "Open Source Camunda 7.23.0-alpha4",
"product_id": "T041691-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.23.0-alpha4"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"branches": [
{
"category": "product_version_range",
"name": "ExtremeAnalytics SE \u003c24.10.13",
"product": {
"name": "Open Source GStreamer ExtremeAnalytics SE \u003c24.10.13",
"product_id": "T040603"
}
},
{
"category": "product_version",
"name": "ExtremeAnalytics SE 24.10.13",
"product": {
"name": "Open Source GStreamer ExtremeAnalytics SE 24.10.13",
"product_id": "T040603-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:gstreamer:extremeanalytics_se__24.10.13"
}
}
},
{
"category": "product_version_range",
"name": "ExtremeControl SE \u003c24.10.13",
"product": {
"name": "Open Source GStreamer ExtremeControl SE \u003c24.10.13",
"product_id": "T040604"
}
},
{
"category": "product_version",
"name": "ExtremeControl SE 24.10.13",
"product": {
"name": "Open Source GStreamer ExtremeControl SE 24.10.13",
"product_id": "T040604-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:gstreamer:extremecontrol_se__24.10.13"
}
}
}
],
"category": "product_name",
"name": "GStreamer"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.8.4",
"product": {
"name": "Red Hat JBoss Web Server \u003c5.8.4",
"product_id": "T043515"
}
},
{
"category": "product_version",
"name": "5.8.4",
"product": {
"name": "Red Hat JBoss Web Server 5.8.4",
"product_id": "T043515-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.8.4"
}
}
}
],
"category": "product_name",
"name": "JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T040043",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "product_name",
"name": "openSUSE"
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50379",
"product_status": {
"known_affected": [
"T025152",
"67646",
"T040604",
"T040603",
"T002977",
"T004914",
"T039654",
"T025631",
"T041689",
"398363",
"T041688",
"T039887",
"T039886",
"T039888",
"T032255",
"T052048",
"T023548",
"T040043",
"T041274",
"T046768",
"T041273",
"T041691",
"T041371",
"T041690",
"2951",
"T002207",
"T041270",
"T000126",
"T043515",
"T027843"
]
},
"release_date": "2024-12-17T23:00:00.000+00:00",
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-54677",
"product_status": {
"known_affected": [
"T025152",
"67646",
"T040604",
"T040603",
"T002977",
"T004914",
"T039654",
"T025631",
"T041689",
"398363",
"T041688",
"T039887",
"T039886",
"T039888",
"T032255",
"T052048",
"T023548",
"T040043",
"T041274",
"T046768",
"T041273",
"T041691",
"T041371",
"T041690",
"2951",
"T002207",
"T041270",
"T000126",
"T043515",
"T027843"
]
},
"release_date": "2024-12-17T23:00:00.000+00:00",
"title": "CVE-2024-54677"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…