What is RHSA-2024:0125?

RHSA-2024:0125 is a security advisory published by Red Hat Product Security with Medium severity. Red Hat Security Advisory: tomcat security update

Which CVE IDs does RHSA-2024:0125 cover?

RHSA-2024:0125 covers the following CVE IDs: CVE-2023-45648, CVE-2023-41080, CVE-2023-42794, CVE-2023-42795. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2024:0125?

RHSA-2024:0125 has a CVSS v3 base score of 6.1, published by Red Hat Product Security.

RHSA-2024:0125MediumCVSS 6.1

Red Hat Security Advisory: tomcat security update

Vendor

Red Hat Product Security

Published

January 10, 2024

Last Modified

May 29, 2026

🔗 CVE IDs covered (4)

CVE-2023-45648 →CVE-2023-41080 →CVE-2023-42794 →CVE-2023-42795 →

📋 Description

CVE-2023-41080 — tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-42794 — tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42795 — tomcat: improper cleaning of recycled objects could lead to information leak CVE-2023-45648 — tomcat: incorrectly parsed http trailer headers can cause request smuggling

🔗 References (7)

selfhttps://access.redhat.com/errata/RHSA-2024:0125
externalhttps://access.redhat.com/security/updates/classification/#moderate
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2235370
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243749
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243751
externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243752
selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0125.json