The Apache Software Foundation released security updates to address multiple vulnerabilities in the Apache Tomcat.

Affected Systems:

The affected systems and versions include, but are not limited to:

Apache Tomcat

• 9.x, from version 9.0.0-M1 to 9.0.98

• 10.x, from version 10.1.0-M1 to 10.1.34

• 11.x, from version 11.0.0-M1 to 11.0.2

Please refer to the official Apache Software Foundation website for a complete list of the security patches that have been released.

Security Risks

The successful exploitation of vulnerabilities in Apache software poses a significant security risk, allowing cybercriminals to escalate privileges, execute arbitrary code, and disrupt or compromise the affected systems.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow the Apache Software Foundation Security update to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

• https://tomcat.apache.org/download-11.cgi#11.0.3

• https://tomcat.apache.org/download-10.cgi#10.1.35

• https://tomcat.apache.org/download-90.cgi#9.0.99

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

• https://tomcat.apache.org/security-11.html

• https://tomcat.apache.org/security-10.html

• https://tomcat.apache.org/security-9.html