Home / mailingsPDF  

[USN-7705-1] Tomcat vulnerabilities

Posted on 20 August 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7705-1
August 20, 2025

tomcat10 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat10: Servlet and JSP engine

Details:

It was discovered that Tomcat did not correctly handle case sensitivity.
An attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-46701)

Elysee Franchuk discovered that Tomcat did not correctly limit the number
of attributes for a session. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2024-54677)

It was discovered that Tomcat did not correctly sanitize certain URLs. An
attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-31651)

It was discovered that Tomcat did not correctly handle certain malformed
HTTP headers,
which could lead to a memory leak. An attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2025-31650)

It was discovered that Tomcat did not correctly handle concurrent
operations under certain circumstances. An attacker could possibly use
this issue to execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-50379)

It was discovered that Tomcat did not correctly handle certain
authentication errors. An attacker could possibly use this issue to
bypass authentication mechanisms. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-52316)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libtomcat10-java 10.1.35-1ubuntu0.1
tomcat10 10.1.35-1ubuntu0.1

Ubuntu 24.04 LTS
libtomcat10-java 10.1.16-1ubuntu0.1~esm3
Available with Ubuntu Pro
tomcat10 10.1.16-1ubuntu0.1~esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7705-1
CVE-2024-50379, CVE-2024-52317, CVE-2024-54677, CVE-2025-31650,
CVE-2025-31651, CVE-2025-46701

Package Information:
https://launchpad.net/ubuntu/+source/tomcat10/10.1.35-1ubuntu0.1

--===============2876066798961803114==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :