Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tomcat9-admin-webapps-9.0.117-1.el10 RPM for noarch

From CentOS Stream 10 AppStream for aarch64

Name: tomcat9-admin-webapps Distribution: CentOS
Version: 9.0.117 Vendor: CentOS
Release: 1.el10 Build date: Fri Jun 5 17:32:49 2026
Group: Unspecified Build host: aarch64-03.stream.rdu2.redhat.com
Size: 276031 Source RPM: tomcat9-9.0.117-1.el10.src.rpm
Packager: builder@centos.org
Url: http://tomcat.apache.org/
Summary: The host-manager and manager web applications for Apache Tomcat
 
The host-manager and manager web applications for Apache Tomcat.

Provides

Requires

License

Apache-2.0

Changelog

* Fri May 29 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-1
  - Resolves: RHEL-150720
    Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734)
  - Resolves:
    Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
  - Resolves:
    Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
  - Resolves:
    Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
  - Resolves:
    Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
  - Resolves:
    Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
  - Resolves:
    Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
  - Resolves:
    Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
  - Resolves:
    Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
  - Resolves:
    Tomcat: Occasionally open redirect (CVE-2026-25854)
  - Resolves:
    Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
  - Resolves:
    Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
  - Resolves:
    Tomcat: Security constraint bypass (CVE-2026-24733)
  - Resolves:
    Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
  - Resolves: RHEL-168243 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
* Mon Mar 23 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
  - Resolves: RHEL-158962 NPE in tomcat9 when used with TLS enabled custom connector
* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
  - Resolves: RHEL-148687
    Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
* Fri Jan 23 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-9
  - Resolves: RHEL-124496
    tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
  - Resolves: RHEL-132559
    tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Mon Aug 18 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-8
  - Resolves: RHEL-102186
    tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-7
  - Resolves: RHEL-108485
    tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
  - Resolves: RHEL-108493
    tomcat: Dos in multipart upload (CVE-2025-48988)
  - Resolves: RHEL-108501
    tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
  - Resolves: RHEL-108509
    tomcat: Denial of service (CVE-2025-52434)
  - Resolves: RHEL-108522
    tomcat: Denial of service (CVE-2025-52520)
  - Resolves: RHEL-108517
    tomcat: Denial of service (CVE-2025-53506)
* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.1
  - Resolves: RHEL-91750
    tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
  - Resolves: RHEL-94960
    tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
  - Resolves: RHEL-82927
    tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
* Thu Feb 13 2025 Joe Orton <jorton@redhat.com> - 1:9.0.87-4
  - add Obsoletes to aid upgrade path from tomcat-9.x
    Resolves: RHEL-79313
* Mon Feb 03 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
  - Resolves: RHEL-77325 Missing conflicts in spec file
* Fri Jan 24 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
  - Initial commit on c10s
    Resolves: RHEL-69841
  - tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

Files

/var/lib/tomcat/webapps/host-manager
/var/lib/tomcat/webapps/host-manager/META-INF
/var/lib/tomcat/webapps/host-manager/META-INF/context.xml
/var/lib/tomcat/webapps/host-manager/WEB-INF
/var/lib/tomcat/webapps/host-manager/WEB-INF/jsp
/var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/401.jsp
/var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/403.jsp
/var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/404.jsp
/var/lib/tomcat/webapps/host-manager/WEB-INF/manager.xml
/var/lib/tomcat/webapps/host-manager/WEB-INF/web.xml
/var/lib/tomcat/webapps/host-manager/css
/var/lib/tomcat/webapps/host-manager/css/manager.css
/var/lib/tomcat/webapps/host-manager/images
/var/lib/tomcat/webapps/host-manager/images/asf-logo.svg
/var/lib/tomcat/webapps/host-manager/images/favicon.ico
/var/lib/tomcat/webapps/host-manager/images/tomcat.svg
/var/lib/tomcat/webapps/host-manager/index.jsp
/var/lib/tomcat/webapps/manager
/var/lib/tomcat/webapps/manager/META-INF
/var/lib/tomcat/webapps/manager/META-INF/context.xml
/var/lib/tomcat/webapps/manager/WEB-INF
/var/lib/tomcat/webapps/manager/WEB-INF/jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/401.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/403.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/404.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorCerts.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/jsp/sessionsList.jsp
/var/lib/tomcat/webapps/manager/WEB-INF/web.xml
/var/lib/tomcat/webapps/manager/css
/var/lib/tomcat/webapps/manager/css/manager.css
/var/lib/tomcat/webapps/manager/images
/var/lib/tomcat/webapps/manager/images/asf-logo.svg
/var/lib/tomcat/webapps/manager/images/favicon.ico
/var/lib/tomcat/webapps/manager/images/tomcat.svg
/var/lib/tomcat/webapps/manager/index.jsp
/var/lib/tomcat/webapps/manager/status.xsd
/var/lib/tomcat/webapps/manager/xform.xsl

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jun 16 05:30:05 2026