Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:0125 - Security Advisory
Issued:
2024-01-10
Updated:
2024-01-10

RHSA-2024:0125 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: tomcat security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tomcat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

  • tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
  • tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
  • tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
  • tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2235370 - CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication
  • BZ - 2243749 - CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling
  • BZ - 2243751 - CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows
  • BZ - 2243752 - CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak

CVEs

  • CVE-2023-41080
  • CVE-2023-42794
  • CVE-2023-42795
  • CVE-2023-45648

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
tomcat-9.0.62-27.el8_9.2.src.rpm SHA-256: 8205cd854c77c97a763a744cb0a1bb3e98456bacbbd008d3d5293c5f467430b0
x86_64
tomcat-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 3a8860f1f112c718b4a1487cf6d1af9d8b4caad318cd95ed3050c84c02cefe38
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: a2539f5d0a76037d04f1ecbae611fde87179531aecd5c9e72debecc981005bd8
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm SHA-256: f340f37ba7d3e9252b45e1644bdb482cbba952c792e15c7491039ebfd5103553
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: dd25c6897a00de2349af842304641f83924264457e43375347114e6844922d0b
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: e226928c0e8330bb6a5ea9865a66278b88f6de2fd7a45452a654b1e5e46028bd
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 99909445a22754831e41432eea68a16c4f85cc2dd759620ae9c3402ca54768e4
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: c225793418d9fb101b661ee8f9483580c39e9b9a12e5fb5abc5099158d0bcc06
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 2096fc49a2fb3e1504974a44b5059ab5b88afb510f314ab1e5c77f1ec06aee18

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
tomcat-9.0.62-27.el8_9.2.src.rpm SHA-256: 8205cd854c77c97a763a744cb0a1bb3e98456bacbbd008d3d5293c5f467430b0
s390x
tomcat-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 3a8860f1f112c718b4a1487cf6d1af9d8b4caad318cd95ed3050c84c02cefe38
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: a2539f5d0a76037d04f1ecbae611fde87179531aecd5c9e72debecc981005bd8
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm SHA-256: f340f37ba7d3e9252b45e1644bdb482cbba952c792e15c7491039ebfd5103553
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: dd25c6897a00de2349af842304641f83924264457e43375347114e6844922d0b
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: e226928c0e8330bb6a5ea9865a66278b88f6de2fd7a45452a654b1e5e46028bd
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 99909445a22754831e41432eea68a16c4f85cc2dd759620ae9c3402ca54768e4
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: c225793418d9fb101b661ee8f9483580c39e9b9a12e5fb5abc5099158d0bcc06
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 2096fc49a2fb3e1504974a44b5059ab5b88afb510f314ab1e5c77f1ec06aee18

Red Hat Enterprise Linux for Power, little endian 8

SRPM
tomcat-9.0.62-27.el8_9.2.src.rpm SHA-256: 8205cd854c77c97a763a744cb0a1bb3e98456bacbbd008d3d5293c5f467430b0
ppc64le
tomcat-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 3a8860f1f112c718b4a1487cf6d1af9d8b4caad318cd95ed3050c84c02cefe38
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: a2539f5d0a76037d04f1ecbae611fde87179531aecd5c9e72debecc981005bd8
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm SHA-256: f340f37ba7d3e9252b45e1644bdb482cbba952c792e15c7491039ebfd5103553
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: dd25c6897a00de2349af842304641f83924264457e43375347114e6844922d0b
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: e226928c0e8330bb6a5ea9865a66278b88f6de2fd7a45452a654b1e5e46028bd
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 99909445a22754831e41432eea68a16c4f85cc2dd759620ae9c3402ca54768e4
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: c225793418d9fb101b661ee8f9483580c39e9b9a12e5fb5abc5099158d0bcc06
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 2096fc49a2fb3e1504974a44b5059ab5b88afb510f314ab1e5c77f1ec06aee18

Red Hat Enterprise Linux for ARM 64 8

SRPM
tomcat-9.0.62-27.el8_9.2.src.rpm SHA-256: 8205cd854c77c97a763a744cb0a1bb3e98456bacbbd008d3d5293c5f467430b0
aarch64
tomcat-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 3a8860f1f112c718b4a1487cf6d1af9d8b4caad318cd95ed3050c84c02cefe38
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: a2539f5d0a76037d04f1ecbae611fde87179531aecd5c9e72debecc981005bd8
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm SHA-256: f340f37ba7d3e9252b45e1644bdb482cbba952c792e15c7491039ebfd5103553
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: dd25c6897a00de2349af842304641f83924264457e43375347114e6844922d0b
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: e226928c0e8330bb6a5ea9865a66278b88f6de2fd7a45452a654b1e5e46028bd
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 99909445a22754831e41432eea68a16c4f85cc2dd759620ae9c3402ca54768e4
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm SHA-256: c225793418d9fb101b661ee8f9483580c39e9b9a12e5fb5abc5099158d0bcc06
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm SHA-256: 2096fc49a2fb3e1504974a44b5059ab5b88afb510f314ab1e5c77f1ec06aee18

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility