SUSE-SU-2026:1058-1
Advisory lineage Upstream: 43 Downstream: 0
Published: 26 Mar 2026, 09:46
Last modified: 27 Mar 2026, 08:48
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 26 Mar 2026, 09:46: Published (vulnerability first disclosed)
- 27 Mar 2026, 08:48: Last Modified (vulnerability information updated)
Description
Security update for tomcat

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.115:
- CVE-2025-48989: HTTP/2 protocol (including DNS over HTTPS) is vulnerable to 'MadeYouReset' DoS attack (bsc#1243895).
- CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM crash (bsc#1246389).
- CVE-2025-53506: uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318).
- CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
- CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
- CVE-2023-44487: Rapid reset attack (bsc#1216182).
Affected Systems
- suse•tomcat&distro=SUSE Linux Enterprise Server 12 SP5-LTSS: < 9.0.115-3.160.1
- suse•tomcat&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5: < 9.0.115-3.160.1
References (51)
- https://www.suse.com/support/update/announcement/2026/suse-su-20261058-1/
- https://bugzilla.suse.com/1216182
- https://bugzilla.suse.com/1243895
- https://bugzilla.suse.com/1246318
- https://bugzilla.suse.com/1246389
- https://bugzilla.suse.com/1258371
- https://bugzilla.suse.com/1258385
- https://bugzilla.suse.com/1259224
- https://www.suse.com/security/cve/CVE-2020-13934
- https://www.suse.com/security/cve/CVE-2020-13935
- https://www.suse.com/security/cve/CVE-2020-13943
- https://www.suse.com/security/cve/CVE-2020-17527
- https://www.suse.com/security/cve/CVE-2021-24122
- https://www.suse.com/security/cve/CVE-2021-25122
- https://www.suse.com/security/cve/CVE-2021-25329
- https://www.suse.com/security/cve/CVE-2021-30640
- https://www.suse.com/security/cve/CVE-2021-33037
- https://www.suse.com/security/cve/CVE-2021-41079
- https://www.suse.com/security/cve/CVE-2021-43980
- https://www.suse.com/security/cve/CVE-2022-23181
- https://www.suse.com/security/cve/CVE-2022-42252
- https://www.suse.com/security/cve/CVE-2023-24998
- https://www.suse.com/security/cve/CVE-2023-28708
- https://www.suse.com/security/cve/CVE-2023-28709
- https://www.suse.com/security/cve/CVE-2023-41080
- https://www.suse.com/security/cve/CVE-2023-42795
- https://www.suse.com/security/cve/CVE-2023-44487
- https://www.suse.com/security/cve/CVE-2023-45468
- https://www.suse.com/security/cve/CVE-2023-46589
- https://www.suse.com/security/cve/CVE-2024-21733
- https://www.suse.com/security/cve/CVE-2024-23672
- https://www.suse.com/security/cve/CVE-2024-24549
- https://www.suse.com/security/cve/CVE-2024-34750
- https://www.suse.com/security/cve/CVE-2024-38286
- https://www.suse.com/security/cve/CVE-2024-50379
- https://www.suse.com/security/cve/CVE-2024-52316
- https://www.suse.com/security/cve/CVE-2024-54677
- https://www.suse.com/security/cve/CVE-2025-24813
- https://www.suse.com/security/cve/CVE-2025-31651
- https://www.suse.com/security/cve/CVE-2025-46701
- https://www.suse.com/security/cve/CVE-2025-48988
- https://www.suse.com/security/cve/CVE-2025-48989
- https://www.suse.com/security/cve/CVE-2025-49125
- https://www.suse.com/security/cve/CVE-2025-52434
- https://www.suse.com/security/cve/CVE-2025-52520
- https://www.suse.com/security/cve/CVE-2025-53506
- https://www.suse.com/security/cve/CVE-2025-55752
- https://www.suse.com/security/cve/CVE-2025-55754
- https://www.suse.com/security/cve/CVE-2025-61795
- https://www.suse.com/security/cve/CVE-2025-66614
- https://www.suse.com/security/cve/CVE-2026-24733