SUSE Linux 12 Tomcat Important Update Advisory 2026-1058 CVE References

## This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: * CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to "MadeYouReset" DoS attack (bsc#1243895). * CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash (bsc#1246389). * CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318). * CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). * CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). * CVE-2023-44487: Rapid reset attack (bsc#1216182). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".