Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45468 (GCVE-0-2023-45468)
Vulnerability from cvelistv5 – Published: 2023-10-13 00:00 – Updated: 2024-09-17 20:37
VLAI?
EPSS
Summary
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "n3m",
"vendor": "netis-systems",
"versions": [
{
"lessThanOrEqual": "v1.0.1.865",
"status": "affected",
"version": "v2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45468",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:34:53.942678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:37:03.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T12:45:45.174Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45468",
"datePublished": "2023-10-13T00:00:00.000Z",
"dateReserved": "2023-10-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T20:37:03.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C183597B-AF8E-4019-BA83-D47FC1AA71E7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C6E4234-6312-4E6B-910A-E0795AA11491\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 que Netis N3Mv2-V1.0.1.865 conten\\u00eda un desbordamiento del b\\u00fafer a trav\\u00e9s de pingWdogIp. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\\u00f3n de Servicio (DoS) mediante una entrada manipulada.\"}]",
"id": "CVE-2023-45468",
"lastModified": "2024-11-21T08:26:54.497",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-10-13T13:15:12.253",
"references": "[{\"url\": \"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Product\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45468\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-13T13:15:12.253\",\"lastModified\":\"2024-11-21T08:26:54.497\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de pingWdogIp. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C183597B-AF8E-4019-BA83-D47FC1AA71E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E4234-6312-4E6B-910A-E0795AA11491\"}]}]}],\"references\":[{\"url\":\"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Product\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:21:16.457Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45468\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-17T20:34:53.942678Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*\"], \"vendor\": \"netis-systems\", \"product\": \"n3m\", \"versions\": [{\"status\": \"affected\", \"version\": \"v2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"v1.0.1.865\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T20:36:57.627Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-10-13T12:45:45.174431\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45468\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T20:37:03.139Z\", \"dateReserved\": \"2023-10-09T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-13T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2023-45468
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45468",
"id": "GSD-2023-45468"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45468"
],
"details": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GSD-2023-45468",
"modified": "2023-12-13T01:20:38.389705Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-45468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md",
"refsource": "MISC",
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-45468"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md",
"refsource": "MISC",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
],
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-10-16T18:38Z",
"publishedDate": "2023-10-13T13:15Z"
}
}
}
GHSA-M9MF-9J6P-6PQ4
Vulnerability from github – Published: 2023-10-13 15:30 – Updated: 2024-04-04 08:37
VLAI?
Details
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-45468"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-13T13:15:12Z",
"severity": "HIGH"
},
"details": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"id": "GHSA-m9mf-9j6p-6pq4",
"modified": "2024-04-04T08:37:52Z",
"published": "2023-10-13T15:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45468"
},
{
"type": "WEB",
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
VAR-202310-0438
Vulnerability from variot - Updated: 2023-12-18 12:40Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. Netis N3Mv2 is a router device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n3m",
"scope": "eq",
"trust": 1.0,
"vendor": "netis",
"version": "1.0.1.865"
},
{
"model": "n3mv2",
"scope": "eq",
"trust": 0.6,
"vendor": "netis",
"version": "v1.0.1.865"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"cve": "CVE-2023-45468",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-78311",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-45468",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-78311",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. Netis N3Mv2 is a router device",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-45468"
},
{
"db": "CNVD",
"id": "CNVD-2023-78311"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-45468",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2023-78311",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"id": "VAR-202310-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
}
]
},
"last_update_date": "2023-12-18T12:40:54.430000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://github.com/adhikara13/cve/blob/main/netis_n3/buffer%20overflow%20in%20pingwdogip%20parameter%20leads%20to%20dos.md"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"date": "2023-10-13T13:15:12.253000",
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-78311"
},
{
"date": "2023-10-16T18:38:51.880000",
"db": "NVD",
"id": "CVE-2023-45468"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis N3Mv2 buffer overflow vulnerability (CNVD-2023-78311)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-78311"
}
],
"trust": 0.6
}
}
CNVD-2023-78311
Vulnerability from cnvd - Published: 2023-10-20
VLAI Severity ?
Title
Netis N3Mv2缓冲区溢出漏洞(CNVD-2023-78311)
Description
Netis N3Mv2是一款路由器设备。
Netis N3Mv2存在缓冲区溢出漏洞,攻击者可利用该漏洞通过发送特制的请求,导致拒绝服务。
Severity
高
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.netis-systems.com/
Reference
https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md
Impacted products
| Name | Netis N3Mv2 V1.0.1.865 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-45468",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-45468"
}
},
"description": "Netis N3Mv2\u662f\u4e00\u6b3e\u8def\u7531\u5668\u8bbe\u5907\u3002\n\nNetis N3Mv2\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.netis-systems.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-78311",
"openTime": "2023-10-20",
"products": {
"product": "Netis N3Mv2 V1.0.1.865"
},
"referenceLink": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md",
"serverity": "\u9ad8",
"submitTime": "2023-10-17",
"title": "Netis N3Mv2\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2023-78311\uff09"
}
FKIE_CVE-2023-45468
Vulnerability from fkie_nvd - Published: 2023-10-13 13:15 - Updated: 2024-11-21 08:26
Severity ?
Summary
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md | Exploit, Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md | Exploit, Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netis-systems | n3m_firmware | 1.0.1.865 | |
| netis-systems | n3m | v2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de pingWdogIp. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada."
}
],
"id": "CVE-2023-45468",
"lastModified": "2024-11-21T08:26:54.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T13:15:12.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
],
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
],
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2026:1058-1
Vulnerability from csaf_suse - Published: 2026-03-26 09:46 - Updated: 2026-03-26 09:46Summary
Security update for tomcat
Severity
Important
Notes
Title of the patch: Security update for tomcat
Description of the patch: This update for tomcat fixes the following issues:
Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash
(bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Patchnames: SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tomcat fixes the following issues:\n\nUpdate to Tomcat 9.0.115:\n\n- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to \u0027MadeYouReset\u0027 DoS attack (bsc#1243895).\n- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash\n (bsc#1246389).\n- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).\n- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).\n- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).\n- CVE-2023-44487: Rapid reset attack (bsc#1216182).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1058,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1058-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1058-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1058-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024949.html"
},
{
"category": "self",
"summary": "SUSE Bug 1216182",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "self",
"summary": "SUSE Bug 1243895",
"url": "https://bugzilla.suse.com/1243895"
},
{
"category": "self",
"summary": "SUSE Bug 1246318",
"url": "https://bugzilla.suse.com/1246318"
},
{
"category": "self",
"summary": "SUSE Bug 1246389",
"url": "https://bugzilla.suse.com/1246389"
},
{
"category": "self",
"summary": "SUSE Bug 1258371",
"url": "https://bugzilla.suse.com/1258371"
},
{
"category": "self",
"summary": "SUSE Bug 1258385",
"url": "https://bugzilla.suse.com/1258385"
},
{
"category": "self",
"summary": "SUSE Bug 1259224",
"url": "https://bugzilla.suse.com/1259224"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13934 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13935 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13943 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-17527 page",
"url": "https://www.suse.com/security/cve/CVE-2020-17527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-24122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-24122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25122 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25329 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25329/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33037 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23181 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42252 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-24998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-24998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28709 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-41080 page",
"url": "https://www.suse.com/security/cve/CVE-2023-41080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-21733 page",
"url": "https://www.suse.com/security/cve/CVE-2024-21733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23672 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24549 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34750 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38286 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-52316 page",
"url": "https://www.suse.com/security/cve/CVE-2024-52316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54677 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31651 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48989 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52434 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52434/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52520 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61795 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61795/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24733 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24733/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2026-03-26T09:46:45Z",
"generator": {
"date": "2026-03-26T09:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1058-1",
"initial_release_date": "2026-03-26T09:46:45Z",
"revision_history": [
{
"date": "2026-03-26T09:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-9.0.115-3.160.1.noarch",
"product_id": "tomcat-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-admin-webapps-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"product_id": "tomcat-docs-webapp-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-embed-9.0.115-3.160.1.noarch",
"product_id": "tomcat-embed-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-javadoc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-jsvc-9.0.115-3.160.1.noarch",
"product_id": "tomcat-jsvc-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch",
"product_id": "tomcat-lib-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"product_id": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch",
"product_id": "tomcat-webapps-9.0.115-3.160.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-javadoc-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-lib-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-9.0.115-3.160.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
},
"product_reference": "tomcat-webapps-9.0.115-3.160.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13934"
}
],
"notes": [
{
"category": "general",
"text": "An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13934",
"url": "https://www.suse.com/security/cve/CVE-2020-13934"
},
{
"category": "external",
"summary": "SUSE Bug 1174121 for CVE-2020-13934",
"url": "https://bugzilla.suse.com/1174121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13935"
}
],
"notes": [
{
"category": "general",
"text": "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13935",
"url": "https://www.suse.com/security/cve/CVE-2020-13935"
},
{
"category": "external",
"summary": "SUSE Bug 1174117 for CVE-2020-13935",
"url": "https://bugzilla.suse.com/1174117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13943"
}
],
"notes": [
{
"category": "general",
"text": "If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13943",
"url": "https://www.suse.com/security/cve/CVE-2020-13943"
},
{
"category": "external",
"summary": "SUSE Bug 1177582 for CVE-2020-13943",
"url": "https://bugzilla.suse.com/1177582"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2020-13943"
},
{
"cve": "CVE-2020-17527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-17527"
}
],
"notes": [
{
"category": "general",
"text": "While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-17527",
"url": "https://www.suse.com/security/cve/CVE-2020-17527"
},
{
"category": "external",
"summary": "SUSE Bug 1179602 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1179602"
},
{
"category": "external",
"summary": "SUSE Bug 1180830 for CVE-2020-17527",
"url": "https://bugzilla.suse.com/1180830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2020-17527"
},
{
"cve": "CVE-2021-24122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-24122"
}
],
"notes": [
{
"category": "general",
"text": "When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-24122",
"url": "https://www.suse.com/security/cve/CVE-2021-24122"
},
{
"category": "external",
"summary": "SUSE Bug 1180947 for CVE-2021-24122",
"url": "https://bugzilla.suse.com/1180947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-24122"
},
{
"cve": "CVE-2021-25122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25122"
}
],
"notes": [
{
"category": "general",
"text": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A\u0027s request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25122",
"url": "https://www.suse.com/security/cve/CVE-2021-25122"
},
{
"category": "external",
"summary": "SUSE Bug 1182912 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1182912"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-25122",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-25329",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25329"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25329",
"url": "https://www.suse.com/security/cve/CVE-2021-25329"
},
{
"category": "external",
"summary": "SUSE Bug 1182909 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1182909"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-25329",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-25329"
},
{
"cve": "CVE-2021-30640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30640",
"url": "https://www.suse.com/security/cve/CVE-2021-30640"
},
{
"category": "external",
"summary": "SUSE Bug 1188279 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1188279"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-30640",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-30640"
},
{
"cve": "CVE-2021-33037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33037"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33037",
"url": "https://www.suse.com/security/cve/CVE-2021-33037"
},
{
"category": "external",
"summary": "SUSE Bug 1188278 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1188278"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2021-33037",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-41079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41079"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41079",
"url": "https://www.suse.com/security/cve/CVE-2021-41079"
},
{
"category": "external",
"summary": "SUSE Bug 1190558 for CVE-2021-41079",
"url": "https://bugzilla.suse.com/1190558"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-41079"
},
{
"cve": "CVE-2021-43980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43980"
}
],
"notes": [
{
"category": "general",
"text": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43980",
"url": "https://www.suse.com/security/cve/CVE-2021-43980"
},
{
"category": "external",
"summary": "SUSE Bug 1203868 for CVE-2021-43980",
"url": "https://bugzilla.suse.com/1203868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2021-43980"
},
{
"cve": "CVE-2022-23181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23181"
}
],
"notes": [
{
"category": "general",
"text": "The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23181",
"url": "https://www.suse.com/security/cve/CVE-2022-23181"
},
{
"category": "external",
"summary": "SUSE Bug 1195255 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1195255"
},
{
"category": "external",
"summary": "SUSE Bug 1196395 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1196395"
},
{
"category": "external",
"summary": "SUSE Bug 1200696 for CVE-2022-23181",
"url": "https://bugzilla.suse.com/1200696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2022-23181"
},
{
"cve": "CVE-2022-42252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42252"
}
],
"notes": [
{
"category": "general",
"text": "If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42252",
"url": "https://www.suse.com/security/cve/CVE-2022-42252"
},
{
"category": "external",
"summary": "SUSE Bug 1204918 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1204918"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2022-42252",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2023-24998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-24998"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-24998",
"url": "https://www.suse.com/security/cve/CVE-2023-24998"
},
{
"category": "external",
"summary": "SUSE Bug 1208513 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1208513"
},
{
"category": "external",
"summary": "SUSE Bug 1210310 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1210310"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-24998",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-28708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28708"
}
],
"notes": [
{
"category": "general",
"text": "When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\nOlder, EOL versions may also be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28708",
"url": "https://www.suse.com/security/cve/CVE-2023-28708"
},
{
"category": "external",
"summary": "SUSE Bug 1209622 for CVE-2023-28708",
"url": "https://bugzilla.suse.com/1209622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28708"
},
{
"cve": "CVE-2023-28709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28709"
}
],
"notes": [
{
"category": "general",
"text": "The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28709",
"url": "https://www.suse.com/security/cve/CVE-2023-28709"
},
{
"category": "external",
"summary": "SUSE Bug 1211608 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1211608"
},
{
"category": "external",
"summary": "SUSE Bug 1228313 for CVE-2023-28709",
"url": "https://bugzilla.suse.com/1228313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-28709"
},
{
"cve": "CVE-2023-41080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-41080"
}
],
"notes": [
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\nOlder, EOL versions may also be affected.\n\n\nThe vulnerability is limited to the ROOT (default) web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-41080",
"url": "https://www.suse.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "SUSE Bug 1214666 for CVE-2023-41080",
"url": "https://bugzilla.suse.com/1214666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-41080"
},
{
"cve": "CVE-2023-42795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42795"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42795",
"url": "https://www.suse.com/security/cve/CVE-2023-42795"
},
{
"category": "external",
"summary": "SUSE Bug 1216119 for CVE-2023-42795",
"url": "https://bugzilla.suse.com/1216119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-42795"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45468"
}
],
"notes": [
{
"category": "general",
"text": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45468",
"url": "https://www.suse.com/security/cve/CVE-2023-45468"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2023-45468",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2023-45468"
},
{
"cve": "CVE-2023-46589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46589"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46589",
"url": "https://www.suse.com/security/cve/CVE-2023-46589"
},
{
"category": "external",
"summary": "SUSE Bug 1217649 for CVE-2023-46589",
"url": "https://bugzilla.suse.com/1217649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2024-21733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-21733"
}
],
"notes": [
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-21733",
"url": "https://www.suse.com/security/cve/CVE-2024-21733"
},
{
"category": "external",
"summary": "SUSE Bug 1219023 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1219023"
},
{
"category": "external",
"summary": "SUSE Bug 1220503 for CVE-2024-21733",
"url": "https://bugzilla.suse.com/1220503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-21733"
},
{
"cve": "CVE-2024-23672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23672"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nOlder, EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23672",
"url": "https://www.suse.com/security/cve/CVE-2024-23672"
},
{
"category": "external",
"summary": "SUSE Bug 1221385 for CVE-2024-23672",
"url": "https://bugzilla.suse.com/1221385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24549"
}
],
"notes": [
{
"category": "general",
"text": "Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24549",
"url": "https://www.suse.com/security/cve/CVE-2024-24549"
},
{
"category": "external",
"summary": "SUSE Bug 1221386 for CVE-2024-24549",
"url": "https://bugzilla.suse.com/1221386"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-34750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34750"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34750",
"url": "https://www.suse.com/security/cve/CVE-2024-34750"
},
{
"category": "external",
"summary": "SUSE Bug 1227399 for CVE-2024-34750",
"url": "https://bugzilla.suse.com/1227399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38286"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.\n\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.35 through 8.5.100 and 7.0.92 through 7.0.109. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38286",
"url": "https://www.suse.com/security/cve/CVE-2024-38286"
},
{
"category": "external",
"summary": "SUSE Bug 1230986 for CVE-2024-38286",
"url": "https://bugzilla.suse.com/1230986"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-50379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50379"
}
],
"notes": [
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50379",
"url": "https://www.suse.com/security/cve/CVE-2024-50379"
},
{
"category": "external",
"summary": "SUSE Bug 1234663 for CVE-2024-50379",
"url": "https://bugzilla.suse.com/1234663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-52316"
}
],
"notes": [
{
"category": "general",
"text": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-52316",
"url": "https://www.suse.com/security/cve/CVE-2024-52316"
},
{
"category": "external",
"summary": "SUSE Bug 1233434 for CVE-2024-52316",
"url": "https://bugzilla.suse.com/1233434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "critical"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54677"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54677",
"url": "https://www.suse.com/security/cve/CVE-2024-54677"
},
{
"category": "external",
"summary": "SUSE Bug 1234664 for CVE-2024-54677",
"url": "https://bugzilla.suse.com/1234664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2025-24813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24813"
}
],
"notes": [
{
"category": "general",
"text": "Path Equivalence: \u0027file.Name\u0027 (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nIf all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads\n- attacker knowledge of the names of security sensitive files being uploaded\n- the security sensitive files also being uploaded via partial PUT\n\nIf all of the following were true, a malicious user was able to perform remote code execution:\n- writes enabled for the default servlet (disabled by default)\n- support for partial PUT (enabled by default)\n- application was using Tomcat\u0027s file based session persistence with the default storage location\n- application included a library that may be leveraged in a deserialization attack\n\nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24813",
"url": "https://www.suse.com/security/cve/CVE-2025-24813"
},
{
"category": "external",
"summary": "SUSE Bug 1239302 for CVE-2025-24813",
"url": "https://bugzilla.suse.com/1239302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-24813"
},
{
"cve": "CVE-2025-31651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31651"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31651",
"url": "https://www.suse.com/security/cve/CVE-2025-31651"
},
{
"category": "external",
"summary": "SUSE Bug 1242009 for CVE-2025-31651",
"url": "https://bugzilla.suse.com/1242009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-31651"
},
{
"cve": "CVE-2025-46701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46701"
}
],
"notes": [
{
"category": "general",
"text": "Improper Handling of Case Sensitivity vulnerability in Apache Tomcat\u0027s GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46701",
"url": "https://www.suse.com/security/cve/CVE-2025-46701"
},
{
"category": "external",
"summary": "SUSE Bug 1243815 for CVE-2025-46701",
"url": "https://bugzilla.suse.com/1243815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-46701"
},
{
"cve": "CVE-2025-48988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48988"
}
],
"notes": [
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48988",
"url": "https://www.suse.com/security/cve/CVE-2025-48988"
},
{
"category": "external",
"summary": "SUSE Bug 1244656 for CVE-2025-48988",
"url": "https://bugzilla.suse.com/1244656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48988"
},
{
"cve": "CVE-2025-48989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48989"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48989",
"url": "https://www.suse.com/security/cve/CVE-2025-48989"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1243895 for CVE-2025-48989",
"url": "https://bugzilla.suse.com/1243895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-48989"
},
{
"cve": "CVE-2025-49125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49125"
}
],
"notes": [
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49125",
"url": "https://www.suse.com/security/cve/CVE-2025-49125"
},
{
"category": "external",
"summary": "SUSE Bug 1244649 for CVE-2025-49125",
"url": "https://bugzilla.suse.com/1244649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-49125"
},
{
"cve": "CVE-2025-52434",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52434"
}
],
"notes": [
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections.\n\nThis issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 9.0.107, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52434",
"url": "https://www.suse.com/security/cve/CVE-2025-52434"
},
{
"category": "external",
"summary": "SUSE Bug 1246389 for CVE-2025-52434",
"url": "https://bugzilla.suse.com/1246389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52434"
},
{
"cve": "CVE-2025-52520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52520"
}
],
"notes": [
{
"category": "general",
"text": "For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52520",
"url": "https://www.suse.com/security/cve/CVE-2025-52520"
},
{
"category": "external",
"summary": "SUSE Bug 1246388 for CVE-2025-52520",
"url": "https://bugzilla.suse.com/1246388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53506"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53506",
"url": "https://www.suse.com/security/cve/CVE-2025-53506"
},
{
"category": "external",
"summary": "SUSE Bug 1246318 for CVE-2025-53506",
"url": "https://bugzilla.suse.com/1246318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53506"
},
{
"cve": "CVE-2025-55752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55752"
}
],
"notes": [
{
"category": "general",
"text": "Relative Path Traversal vulnerability in Apache Tomcat.\n\nThe fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55752",
"url": "https://www.suse.com/security/cve/CVE-2025-55752"
},
{
"category": "external",
"summary": "SUSE Bug 1252753 for CVE-2025-55752",
"url": "https://bugzilla.suse.com/1252753"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-55754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55754"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55754",
"url": "https://www.suse.com/security/cve/CVE-2025-55754"
},
{
"category": "external",
"summary": "SUSE Bug 1252905 for CVE-2025-55754",
"url": "https://bugzilla.suse.com/1252905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55754"
},
{
"cve": "CVE-2025-61795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61795"
}
],
"notes": [
{
"category": "general",
"text": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat.\n\nIf an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61795",
"url": "https://www.suse.com/security/cve/CVE-2025-61795"
},
{
"category": "external",
"summary": "SUSE Bug 1252756 for CVE-2025-61795",
"url": "https://bugzilla.suse.com/1252756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66614"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66614",
"url": "https://www.suse.com/security/cve/CVE-2025-66614"
},
{
"category": "external",
"summary": "SUSE Bug 1258371 for CVE-2025-66614",
"url": "https://bugzilla.suse.com/1258371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "important"
}
],
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2026-24733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24733"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in Apache Tomcat.\n\n\nTomcat did not limit HTTP/0.9 requests to the GET method. If a security \nconstraint was configured to allow HEAD requests to a URI but deny GET \nrequests, the user could bypass that constraint on GET requests by \nsending a (specification invalid) HEAD request using HTTP/0.9.\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112.\n\n\nOlder, EOL versions are also affected.\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24733",
"url": "https://www.suse.com/security/cve/CVE-2026-24733"
},
{
"category": "external",
"summary": "SUSE Bug 1258385 for CVE-2026-24733",
"url": "https://bugzilla.suse.com/1258385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.115-3.160.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.115-3.160.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T09:46:45Z",
"details": "moderate"
}
],
"title": "CVE-2026-24733"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…