UbuntuUpdates.org

Package "tomcat10"

Name: tomcat10

Description:

Apache Tomcat 10 - Servlet and JSP engine

Latest version: 10.1.35-1ubuntu0.1
Release: plucky (25.04)
Level: security
Repository: universe
Homepage: http://tomcat.apache.org

Links


Download "tomcat10"


Other versions of "tomcat10" in Plucky

Repository Area Version
base universe 10.1.35-1
updates universe 10.1.35-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.1.35-1ubuntu0.1 2025-08-20 04:07:13 UTC

  tomcat10 (10.1.35-1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Security Constraint Bypass
    - debian/patches/CVE-2025-46701-pre1.patch: Refactor before
      applying security patch
    - debian/patches/CVE-2025-46701.patch: Refactor CGI servlet to
      access resources via WebResources
    - debian/patches/CVE-2025-31651.patch: Better handling of URLs with
      literal ';' and '?'
    - CVE-2025-46701
    - CVE-2025-31651

 -- Bruce Cable <email address hidden> Fri, 20 Jun 2025 14:15:00 +1000

CVE-2025-46701 Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that app
CVE-2025-31651 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, i



About   -   Send Feedback to @ubuntu_updates