An update for tomcat is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1641 Final 1.0 1.0 2025-06-13 Initial 2025-06-13 2025-06-13 openEuler SA Tool V1.0 2025-06-13 tomcat security update An update for tomcat is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fix(es): A vulnerability was found in Apache Tomcat up to 9.0.104/10.1.40/11.0.6 (Application Server Software) and classified as critical.Using CWE to declare the problem leads to CWE-178. The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.Impacted is integrity.Upgrading to version 9.0.105, 10.1.41 or 11.0.7 eliminates this vulnerability.(CVE-2025-46701) An update for tomcat is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High tomcat https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1641 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-46701 https://nvd.nist.gov/vuln/detail/CVE-2025-46701 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 tomcat-9.0.100-3.oe2403.noarch.rpm tomcat-help-9.0.100-3.oe2403.noarch.rpm tomcat-jsvc-9.0.100-3.oe2403.noarch.rpm tomcat-9.0.100-3.oe2403sp1.noarch.rpm tomcat-help-9.0.100-3.oe2403sp1.noarch.rpm tomcat-jsvc-9.0.100-3.oe2403sp1.noarch.rpm tomcat-9.0.100-3.oe2003sp4.noarch.rpm tomcat-help-9.0.100-3.oe2003sp4.noarch.rpm tomcat-jsvc-9.0.100-3.oe2003sp4.noarch.rpm tomcat-9.0.100-3.oe2203sp3.noarch.rpm tomcat-help-9.0.100-3.oe2203sp3.noarch.rpm tomcat-jsvc-9.0.100-3.oe2203sp3.noarch.rpm tomcat-9.0.100-3.oe2203sp4.noarch.rpm tomcat-help-9.0.100-3.oe2203sp4.noarch.rpm tomcat-jsvc-9.0.100-3.oe2203sp4.noarch.rpm tomcat-9.0.100-3.oe2403.src.rpm tomcat-9.0.100-3.oe2403sp1.src.rpm tomcat-9.0.100-3.oe2003sp4.src.rpm tomcat-9.0.100-3.oe2203sp3.src.rpm tomcat-9.0.100-3.oe2203sp4.src.rpm A vulnerability was found in Apache Tomcat up to 9.0.104/10.1.40/11.0.6 (Application Server Software) and classified as critical.Using CWE to declare the problem leads to CWE-178. The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.Impacted is integrity.Upgrading to version 9.0.105, 10.1.41 or 11.0.7 eliminates this vulnerability. 2025-06-13 CVE-2025-46701 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L tomcat security update 2025-06-13 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1641