Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Oracle Linux 8 ELSA-2025-14177 Tomcat Important DoS Security Advisory

oracle
Calendar Grey August 21, 2025
Oracle Linux Logo Esm H88
Revised security bulletin for Oracle Linux 8 pertaining to Tomcat, highlighting critical patches addressing DoS vulnerabilities.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[1:9.0.87-1.el8_10.6] - Resolves: RHEL-102193 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) [1:9.0.87-1.el8_10.5] - Resolves: RHEL-108486 tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976) - Resolves: RHEL-108494 tomcat: Dos in multipart upload (CVE-2025-48988) - Resolves: RHEL-108502 tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) - Resolves: RHEL-108510 tomcat: Denial of service (CVE-2025-52434) - Resolves: RHEL-108524 tomcat: Denial of service (CVE-2025-52520) - Resolves: RHEL-108518 tomcat: Denial of service (CVE-2025-53506)

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates/tomcat-9.0.87-1.el8_10.6.src.rpm

x86_64

tomcat-9.0.87-1.el8_10.6.noarch.rpm tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm

aarch64

tomcat-9.0.87-1.el8_10.6.noarch.rpm tomcat-admin-webapps-9.0.87-1.el8_10.6.noarch.rpm tomcat-docs-webapp-9.0.87-1.el8_10.6.noarch.rpm tomcat-el-3.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-jsp-2.3-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-lib-9.0.87-1.el8_10.6.noarch.rpm tomcat-servlet-4.0-api-9.0.87-1.el8_10.6.noarch.rpm tomcat-webapps-9.0.87-1.el8_10.6.noarch.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2025-48976 CVE-2025-48988 CVE-2025-48989 CVE-2025-49125 CVE-2025-52434 CVE-2025-52520 CVE-2025-53506

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here