RHSA-2026:2740
Vulnerability from csaf_redhat - Published: 2026-02-16 18:57 - Updated: 2026-03-06 02:51Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release
Notes
Topic
Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.
Security fix(es):
* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)
* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)
* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Web Server 6.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.2.0 serves as a replacement for Red Hat JBoss Web Server 6.1.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity fix(es):\n\n* tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)\n* tomcat-catalina: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)\n* tomcat-juli: Apache Tomcat: console manipulation (CVE-2025-55754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2740",
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.2/html/red_hat_jboss_web_server_6.2_release_notes/index"
},
{
"category": "external",
"summary": "2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2740.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.0 security release",
"tracking": {
"current_release_date": "2026-03-06T02:51:22+00:00",
"generator": {
"date": "2026-03-06T02:51:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:2740",
"initial_release_date": "2026-02-16T18:57:53+00:00",
"revision_history": [
{
"date": "2026-02-16T18:57:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-05T20:39:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-06T02:51:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product": {
"name": "Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:6.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=src"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el10jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el8jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-lib@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_id": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.49-7.redhat_00006.1.el9jws?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 10",
"product_id": "10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"relates_to_product_reference": "10Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 8",
"product_id": "8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"relates_to_product_reference": "8Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src"
},
"product_reference": "jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.2 on RHEL 9",
"product_id": "9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
},
"product_reference": "jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"relates_to_product_reference": "9Base-JWS-6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46701",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2025-05-29T20:00:51.512562+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important due to several limiting technical factors that reduce its overall impact and exploitability. Firstly, the flaw only manifests on case-insensitive file systems (e.g., Windows NTFS or macOS HFS+), which are less common in production-grade Tomcat deployments, most of which run on case-sensitive Linux file systems. Secondly, the bypass only occurs when security constraints are defined specifically on the pathInfo portion of URLs mapped to the CGI servlet \u2014 a relatively uncommon and niche configuration in modern Tomcat-based applications, where URL-based access control tends to use more direct patterns or broader filters. Additionally, successful exploitation does not lead to remote code execution or denial of service, but rather circumvents access control under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "RHBZ#2369253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",
"url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"
}
],
"release_date": "2025-05-29T19:06:04.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation is either unavailable or does not meet Red Hat Product Security standards for usability, deployment, applicability, or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Apache Tomcat: Security constraint bypass for CGI scripts"
},
{
"cve": "CVE-2025-55668",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"discovery_date": "2025-08-13T14:00:45.674371+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388226"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation vulnerability has been identified in Apache Tomcat, affecting its rewrite functionality. If the rewrite valve is enabled for a web application, an attacker can craft a specific URL. If a victim clicks on this malicious URL, their subsequent interaction with the resource will occur within the context of the attacker\u0027s session. This could allow an attacker to hijack the victim\u0027s session and perform actions on their behalf.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55668"
},
{
"category": "external",
"summary": "RHBZ#2388226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6",
"url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21",
"url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95",
"url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47",
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"release_date": "2025-08-13T13:21:35.743000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve"
},
{
"cve": "CVE-2025-55754",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2025-10-27T18:01:17.953987+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406590"
}
],
"notes": [
{
"category": "description",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "RHBZ#2406590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754"
},
{
"category": "external",
"summary": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",
"url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",
"url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"
}
],
"release_date": "2025-10-27T17:29:50.756000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T18:57:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2740"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el10jws.src",
"10Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"10Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el10jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el8jws.src",
"8Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"8Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el8jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-0:10.1.49-7.redhat_00006.1.el9jws.src",
"9Base-JWS-6.2:jws6-tomcat-admin-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-docs-webapp-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-el-5.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-javadoc-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-jsp-3.1-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-lib-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-selinux-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-servlet-6.0-api-0:10.1.49-7.redhat_00006.1.el9jws.noarch",
"9Base-JWS-6.2:jws6-tomcat-webapps-0:10.1.49-7.redhat_00006.1.el9jws.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…