摘要:
tomcat security update
安全等级: High
公告ID: KylinSec-SA-2025-2874
发布日期: 2025年9月15日
关联CVE: CVE-2025-48989 CVE-2025-55668
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.
Security Fix(es):
Apache Tomcat is vulnerable to the made you reset attack due to an Improper Resource Shutdown or Release vulnerability. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.(CVE-2025-48989)
Session Fixation vulnerability in Apache Tomcat via rewrite valve.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.(CVE-2025-55668)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-48989 | KY3.4-5A | tomcat | Fixed |
| CVE-2025-55668 | KY3.4-5A | tomcat | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| tomcat | noarch | 9.0.100-8.kb1.ky3_4 |
| tomcat-help | noarch | 9.0.100-8.kb1.ky3_4 |
| tomcat-jsvc | noarch | 9.0.100-8.kb1.ky3_4 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
