Security update for tomcat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03024-1 Final 1 1 2025-08-29T12:40:19Z current 2025-08-29T12:40:19Z 2025-08-29T12:40:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tomcat This update for tomcat fixes the following issues: Updated to 9.0.108: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) - CVE-2025-52434: Fixed race condition on connection close when using the APR/Native connector leading to a JVM crash (bsc#1246389) - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other: - Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3024,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-3024,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-3024,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3024,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3024,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3024,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3024,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3024,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3024,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3024,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3024,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3024,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3024,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3024,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3024,SUSE-Storage-7.1-2025-3024,openSUSE-SLE-15.6-2025-3024 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ Link for SUSE-SU-2025:03024-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041433.html E-Mail link for SUSE-SU-2025:03024-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243895 SUSE Bug 1243895 https://bugzilla.suse.com/1246318 SUSE Bug 1246318 https://bugzilla.suse.com/1246388 SUSE Bug 1246388 https://bugzilla.suse.com/1246389 SUSE Bug 1246389 https://www.suse.com/security/cve/CVE-2025-48989/ SUSE CVE CVE-2025-48989 page https://www.suse.com/security/cve/CVE-2025-49125/ SUSE CVE CVE-2025-49125 page https://www.suse.com/security/cve/CVE-2025-52434/ SUSE CVE CVE-2025-52434 page https://www.suse.com/security/cve/CVE-2025-52520/ SUSE CVE CVE-2025-52520 page https://www.suse.com/security/cve/CVE-2025-53506/ SUSE CVE CVE-2025-53506 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Module for Web and Scripting 15 SP7 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Server LTS 4.3 openSUSE Leap 15.6 tomcat-9.0.108-150200.91.1 tomcat-admin-webapps-9.0.108-150200.91.1 tomcat-docs-webapp-9.0.108-150200.91.1 tomcat-el-3_0-api-9.0.108-150200.91.1 tomcat-embed-9.0.108-150200.91.1 tomcat-javadoc-9.0.108-150200.91.1 tomcat-jsp-2_3-api-9.0.108-150200.91.1 tomcat-jsvc-9.0.108-150200.91.1 tomcat-lib-9.0.108-150200.91.1 tomcat-servlet-4_0-api-9.0.108-150200.91.1 tomcat-webapps-9.0.108-150200.91.1 tomcat-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Enterprise Storage 7.1 tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-lib-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-webapps-9.0.108-150200.91.1 as a component of SUSE Manager Server LTS 4.3 tomcat-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-admin-webapps-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-docs-webapp-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-el-3_0-api-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-embed-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-javadoc-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-jsp-2_3-api-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-jsvc-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-lib-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-servlet-4_0-api-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 tomcat-webapps-9.0.108-150200.91.1 as a component of openSUSE Leap 15.6 Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue. CVE-2025-48989 SUSE Enterprise Storage 7.1:tomcat-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-lib-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-embed-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-lib-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-webapps-9.0.108-150200.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ https://www.suse.com/security/cve/CVE-2025-48989.html CVE-2025-48989 https://bugzilla.suse.com/1243888 SUSE Bug 1243888 https://bugzilla.suse.com/1243895 SUSE Bug 1243895 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. CVE-2025-49125 SUSE Enterprise Storage 7.1:tomcat-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-lib-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-embed-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-lib-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-webapps-9.0.108-150200.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ https://www.suse.com/security/cve/CVE-2025-49125.html CVE-2025-49125 https://bugzilla.suse.com/1244649 SUSE Bug 1244649 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue. CVE-2025-52434 SUSE Enterprise Storage 7.1:tomcat-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-lib-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-embed-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-lib-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-webapps-9.0.108-150200.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ https://www.suse.com/security/cve/CVE-2025-52434.html CVE-2025-52434 https://bugzilla.suse.com/1246389 SUSE Bug 1246389 For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. CVE-2025-52520 SUSE Enterprise Storage 7.1:tomcat-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-lib-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-embed-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-lib-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-webapps-9.0.108-150200.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ https://www.suse.com/security/cve/CVE-2025-52520.html CVE-2025-52520 https://bugzilla.suse.com/1246388 SUSE Bug 1246388 Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue. CVE-2025-53506 SUSE Enterprise Storage 7.1:tomcat-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-admin-webapps-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-el-3_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-jsp-2_3-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-lib-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-servlet-4_0-api-9.0.108-150200.91.1 SUSE Manager Server LTS 4.3:tomcat-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-embed-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-lib-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.108-150200.91.1 openSUSE Leap 15.6:tomcat-webapps-9.0.108-150200.91.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503024-1/ https://www.suse.com/security/cve/CVE-2025-53506.html CVE-2025-53506 https://bugzilla.suse.com/1246318 SUSE Bug 1246318