SUSE Releases Critical Security Patch for Tomcat 11 Addressing Multiple Vulnerabilities

SUSE Releases Critical Security Patch for Tomcat 11 Addressing Multiple Vulnerabilities

First seen 12 Mar 2026, 17:43 UTC Linuxsecurity 93% similarity 72.0

Article Content

Browse articles
ThreatCluster

On March 12, 2026, SUSE issued a critical security update for Tomcat 11.0.18 to address several vulnerabilities, including CVE-2025-66614, CVE-2026-24733, and CVE-2026-24734. The vulnerabilities include a client certificate verification bypass, improper input validation on HTTP/0.9 requests, and a certificate revocation bypass due to incomplete OCSP verification checks. These vulnerabilities could potentially allow attackers to exploit affected systems, leading to unauthorized access and data compromise. The update is crucial for users of SUSE Linux Enterprise Server and openSUSE, particularly those running web applications on Tomcat. Administrators are advised to apply the patches immediately using SUSE's recommended installation methods. The vulnerabilities were initially published between January and February 2026, highlighting the urgency of the patch. Failure to update could leave systems vulnerable to exploitation.

Key Points: • SUSE released a critical patch for Tomcat 11.0.18 on March 12, 2026. • The update addresses multiple vulnerabilities, including CVE-2025-66614 and CVE-2026-24734. • Affected systems include SUSE Linux Enterprise Server and openSUSE running Tomcat.

ThreatCluster AI

Timeline

2026-01-13
CVE-2026-0877 published
2026-02-17
CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 published
2026-03-12
SUSE releases critical patch for Tomcat 11.0.18

Community

Browse all →