- What: Security update for Apache Tomcat
- Impact: Red Hat Enterprise Linux 10 systems using Tomcat
Red Hat Product Errata
RHSA-2026:18537 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: tomcat security update

Type/Severity
Security Advisory: Important

Topic
An update for tomcat is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):
- tomcat: Apache Tomcat: Security constraint bypass for CGI scripts (CVE-2025-46701)
- org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve (CVE-2025-55668)
- org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation (CVE-2025-55754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64

Fixes
- BZ - 2369253 - CVE-2025-46701 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
- BZ - 2388226 - CVE-2025-55668 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
- BZ - 2406590 - CVE-2025-55754 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
- RHEL-150099 - Rebase tomcat package to enable PQC features

CVEs
- CVE-2025-46701
- CVE-2025-55668
- CVE-2025-55754

References
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index

Note: More recent versions of these packages may be available.

Updated Packages
The same source and binary packages are listed for each affected product: Red Hat Enterprise Linux for x86_64 10 (x86_64), Red Hat Enterprise Linux for IBM z Systems 10 (s390x), Red Hat Enterprise Linux for Power, little endian 10 (ppc64le) and Red Hat Enterprise Linux for ARM 64 10 (aarch64).

SRPM
- tomcat-10.1.49-1.el10.src.rpm

x86_64, s390x, ppc64le, aarch64
- tomcat-10.1.49-1.el10.noarch.rpm
- tomcat-admin-webapps-10.1.49-1.el10.noarch.rpm
- tomcat-docs-webapp-10.1.49-1.el10.noarch.rpm
- tomcat-el-5.0-api-10.1.49-1.el10.noarch.rpm
- tomcat-jsp-3.1-api-10.1.49-1.el10.noarch.rpm
- tomcat-lib-10.1.49-1.el10.noarch.rpm
- tomcat-servlet-6.0-api-10.1.49-1.el10.noarch.rpm
- tomcat-webapps-10.1.49-1.el10.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.