Several security issues were fixed in Tomcat.
Software Description:
- tomcat10: Servlet and JSP engine
Details:
It was discovered that Tomcat did not correctly handle case sensitivity.
An attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-46701)

Elysee Franchuk discovered that Tomcat did not correctly limit the number
of attributes for a session. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2024-54677)

It was discovered that Tomcat did not correctly sanitize certain URLs. An
attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-31651)

It was discovered that Tomcat did not correctly handle certain malformed
HTTP headers, which could lead to a memory leak. An attacker could possibly
use this issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2025-31650)

It was discovered that Tomcat did not correctly hand...

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libtomcat10-java 10.1.35-1ubuntu0.1
  tomcat10 10.1.35-1ubuntu0.1

Ubuntu 24.04 LTS
  libtomcat10-java 10.1.16-1ubuntu0.1~esm3 (available with Ubuntu Pro)
  tomcat10 10.1.16-1ubuntu0.1~esm3 (available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7705-1
CVE-2024-50379, CVE-2024-52317, CVE-2024-54677, CVE-2025-31650,
CVE-2025-31651, CVE-2025-46701