{"schema_version":"1.7.2","id":"OESA-2025-1814","modified":"2025-07-11T12:24:25Z","published":"2025-07-11T12:24:25Z","upstream":["CVE-2025-48976"],"summary":"tomcat security update","details":"Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.\r\n\r\nSecurity Fix(es):\n\nAllocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. (CVE-2025-48976)\n\nTomcat ships its own repackaged copy of Apache Commons FileUpload for multipart request handling, so the Commons FileUpload version numbers above do not map directly onto the tomcat package; on openEuler 24.03-LTS the fixed tomcat build is 9.0.100-5.oe2403.","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"tomcat","purl":"pkg:rpm/openEuler/tomcat\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.100-5.oe2403"}]}],"ecosystem_specific":{"noarch":["tomcat-9.0.100-5.oe2403.noarch.rpm","tomcat-help-9.0.100-5.oe2403.noarch.rpm","tomcat-jsvc-9.0.100-5.oe2403.noarch.rpm"],"src":["tomcat-9.0.100-5.oe2403.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1814"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48976"}],"database_specific":{"severity":"High"}}