Linuxsecurity
SUSE Releases Critical Security Patch for Tomcat 11 Addressing Multiple Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On March 12, 2026, SUSE issued a critical security update for Tomcat 11.0.18 to address several vulnerabilities, including CVE-2025-66614, CVE-2026-24733, and CVE-2026-24734. The vulnerabilities include a client certificate verification bypass, improper input validation on HTTP/0.9 requests, and a certificate revocation bypass due to incomplete OCSP verification checks. These vulnerabilities could potentially allow attackers to exploit affected systems, leading to unauthorized access and data compromise. The update is crucial for users of SUSE Linux Enterprise Server and openSUSE, particularly those running web applications on Tomcat. Administrators are advised to apply the patches immediately using SUSE's recommended installation methods. The vulnerabilities were initially published between January and February 2026, highlighting the urgency of the patch. Failure to update could leave systems vulnerable to exploitation.
Key Points: • SUSE released a critical patch for Tomcat 11.0.18 on March 12, 2026. • The update addresses multiple vulnerabilities, including CVE-2025-66614 and CVE-2026-24734. • Affected systems include SUSE Linux Enterprise Server and openSUSE running Tomcat.