------------------------------------------------------------------------- Debian LTS Advisory DLA-4108-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany April 02, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tomcat9 Version : 9.0.43-2~deb11u12 CVE ID : CVE-2025-24813 A security vulnerability was found in Tomcat 9, a Java based web server and servlet engine. A malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled (default). Under certain circumstances, depending on the application in use, remote code execution may have been possible. For Debian 11 bullseye, this problem has been fixed in version 9.0.43-2~deb11u12. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part