{"affected":[{"ecosystem_specific":{"binaries":[{"tomcat11":"11.0.9-150600.13.6.1","tomcat11-admin-webapps":"11.0.9-150600.13.6.1","tomcat11-el-6_0-api":"11.0.9-150600.13.6.1","tomcat11-jsp-4_0-api":"11.0.9-150600.13.6.1","tomcat11-lib":"11.0.9-150600.13.6.1","tomcat11-servlet-6_1-api":"11.0.9-150600.13.6.1","tomcat11-webapps":"11.0.9-150600.13.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP6","name":"tomcat11","purl":"pkg:rpm/suse/tomcat11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.9-150600.13.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat11":"11.0.9-150600.13.6.1","tomcat11-admin-webapps":"11.0.9-150600.13.6.1","tomcat11-el-6_0-api":"11.0.9-150600.13.6.1","tomcat11-jsp-4_0-api":"11.0.9-150600.13.6.1","tomcat11-lib":"11.0.9-150600.13.6.1","tomcat11-servlet-6_1-api":"11.0.9-150600.13.6.1","tomcat11-webapps":"11.0.9-150600.13.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP7","name":"tomcat11","purl":"pkg:rpm/suse/tomcat11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.9-150600.13.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tomcat11":"11.0.9-150600.13.6.1","tomcat11-admin-webapps":"11.0.9-150600.13.6.1","tomcat11-doc":"11.0.9-150600.13.6.1","tomcat11-docs-webapp":"11.0.9-150600.13.6.1","tomcat11-el-6_0-api":"11.0.9-150600.13.6.1","tomcat11-embed":"11.0.9-150600.13.6.1","tomcat11-jsp-4_0-api":"11.0.9-150600.13.6.1","tomcat11-jsvc":"11.0.9-150600.13.6.1","tomcat11-lib":"11.0.9-150600.13.6.1","tomcat11-servlet-6_1-api":"11.0.9-150600.13.6.1","tomcat11-webapps":"11.0.9-150600.13.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"tomcat11","purl":"pkg:rpm/opensuse/tomcat11&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.0.9-150600.13.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tomcat11 fixes the following issues:\n\nUpdated to Tomcat 11.0.9\n- CVE-2025-52520: Fixed an integer overflow that can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388)\n- CVE-2025-53506: Fixed an uncontrolled resource consumption vulnerability involving HTTP/2 clients (bsc#1246318)\n    \nOther:\n- Correct a regression in the fix for CVE-2025-49125 that\n  prevented access to PreResources and PostResources when mounted below the\n  web application root with a path that was terminated with a file\n  separator.\n","id":"SUSE-SU-2025:02979-1","modified":"2025-08-25T13:46:18Z","published":"2025-08-25T13:46:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502979-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246318"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246388"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-49125"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-52520"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-53506"}],"related":["CVE-2025-49125","CVE-2025-52520","CVE-2025-53506"],"summary":"Security update for tomcat11","upstream":["CVE-2025-49125","CVE-2025-52520","CVE-2025-53506"]}