| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tomcat-admin-webapps | Distribution: CentOS |
| Version: 9.0.117 | Vendor: CentOS |
| Release: 1.el9 | Build date: Fri May 29 11:09:21 2026 |
| Group: Unspecified | Build host: aarch64-02.stream.rdu2.redhat.com |
| Size: 276031 | Source RPM: tomcat-9.0.117-1.el9.src.rpm |
| Packager: builder@centos.org | |
| Url: http://tomcat.apache.org/ | |
| Summary: The host-manager and manager web applications for Apache Tomcat | |
The host-manager and manager web applications for Apache Tomcat.
ASL 2.0
* Tue May 26 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.117-1
- Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation
- Resolves:
Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
- Resolves:
Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
- Resolves:
Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
- Resolves:
Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
- Resolves:
Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
- Resolves:
Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
- Resolves:
Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
- Resolves:
Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
- Resolves:
Tomcat: Occasionally open redirect (CVE-2026-25854)
- Resolves:
Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
- Resolves:
Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
- Resolves:
Tomcat: Security constraint bypass (CVE-2026-24733)
- Resolves:
Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
- Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
* Thu Feb 26 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
- Resolves: RHEL-154364 Tomcat fails to respond to client connections when using Java 8
* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
- Resolves: RHEL-148687
Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
* Wed Jan 21 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-7
- Resolves: RHEL-124516
tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
- Resolves: RHEL-132561
tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
- Resolves: RHEL-102201
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
* Tue Aug 12 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
- Resolves: RHEL-108489
tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
- Resolves: RHEL-108497
tomcat: Dos in multipart upload (CVE-2025-48988)
- Resolves: RHEL-108505
tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- Resolves: RHEL-108513
tomcat: Denial of service (CVE-2025-52434)
- Resolves: RHEL-108529
tomcat: Denial of service (CVE-2025-52520)
- Resolves: RHEL-108523
tomcat: Denial of service (CVE-2025-53506)
* Mon Jul 21 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-4
- Resolves: RHEL-91763
tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
- Resolves: RHEL-71985
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
* Tue Apr 08 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-3
- Resolves: RHEL-82945
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
- Resolves: RHEL-71723
tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
* Thu Aug 08 2024 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-2
- Resolves: RHEL-46163
tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)
- Resolves: RHEL-18245 - OpenJDK 21 support for RHEL Tomcat
/var/lib/tomcat/webapps/host-manager /var/lib/tomcat/webapps/host-manager/META-INF /var/lib/tomcat/webapps/host-manager/META-INF/context.xml /var/lib/tomcat/webapps/host-manager/WEB-INF /var/lib/tomcat/webapps/host-manager/WEB-INF/jsp /var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/401.jsp /var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/403.jsp /var/lib/tomcat/webapps/host-manager/WEB-INF/jsp/404.jsp /var/lib/tomcat/webapps/host-manager/WEB-INF/manager.xml /var/lib/tomcat/webapps/host-manager/WEB-INF/web.xml /var/lib/tomcat/webapps/host-manager/css /var/lib/tomcat/webapps/host-manager/css/manager.css /var/lib/tomcat/webapps/host-manager/images /var/lib/tomcat/webapps/host-manager/images/asf-logo.svg /var/lib/tomcat/webapps/host-manager/images/favicon.ico /var/lib/tomcat/webapps/host-manager/images/tomcat.svg /var/lib/tomcat/webapps/host-manager/index.jsp /var/lib/tomcat/webapps/manager /var/lib/tomcat/webapps/manager/META-INF /var/lib/tomcat/webapps/manager/META-INF/context.xml /var/lib/tomcat/webapps/manager/WEB-INF /var/lib/tomcat/webapps/manager/WEB-INF/jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/401.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/403.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/404.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorCerts.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/connectorTrustedCerts.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/sessionDetail.jsp /var/lib/tomcat/webapps/manager/WEB-INF/jsp/sessionsList.jsp /var/lib/tomcat/webapps/manager/WEB-INF/web.xml /var/lib/tomcat/webapps/manager/css /var/lib/tomcat/webapps/manager/css/manager.css /var/lib/tomcat/webapps/manager/images /var/lib/tomcat/webapps/manager/images/asf-logo.svg /var/lib/tomcat/webapps/manager/images/favicon.ico /var/lib/tomcat/webapps/manager/images/tomcat.svg /var/lib/tomcat/webapps/manager/index.jsp /var/lib/tomcat/webapps/manager/status.xsd /var/lib/tomcat/webapps/manager/xform.xsl
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Jun 12 04:27:08 2026