• Open Source Consulting Services

    With open source consulting services from OpenLogic, you get unbiased, actionable advice to accelerate your success with open source software.

  • Apache Tomcat Overview

    Read our overview of Apache Tomcat, including resources that can help teams optimize and improve their deployments.

  • Apache Tomcat Security Best Practices

    Our Tomcat expert outlines their top Apache Tomcat security best practices, including eight tips for Tomcat security hardening.

  • Tracking Tomcat CVEs: How to Protect Your App From Exploits

    Are unpatched Tomcat vulnerabilities putting your business at risk? Learn about the latest Tomcat CVEs, the cost of exploits, and how LTS can secure your applications.

  • Untangling Spring Dependencies in Legacy Environments

    In legacy Spring environments, transitive dependencies, deprecated APIs, and shifting namespaces can complicate migration paths. Find out how to regain control through dependency

  • CVE-2017-7500

    OL CVE Issue Summary:

    rpm uses temporary files with predictable names when installing an RPM. An attacker with the ability to write in a directory where files will be installed could create symbolic links to an arbitrary location, modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

    CVE-2017-7500
    CentOS 7
    rpm-4.11.3-48_ol002.el7
    7.8

  • CVE-2016-4483

    OL CVE Issue Summary:

    xmlBufAttrSerializeTxtContent() in xmlsave.c in allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a non-UTF-8 attribute value, related to serialization. entities.c:xmlEncodeEntitiesInternal() triggers a heap-buffer-overflow read with a crafted XML payload.

    CVE-2016-4483
    CentOS 7
    libxml2-2.9.1-6_ol011.el7.6
    7.5

  • CVE-2021-3517

    OL CVE Issue Summary:

    xmlBufAttrSerializeTxtContent() in xmlsave.c in allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a non-UTF-8 attribute value, related to serialization. entities.c:xmlEncodeEntitiesInternal() triggers a heap-buffer-overflow read with a crafted XML payload.

    CVE-2021-3517
    CentOS 7
    libxml2-2.9.1-6_ol011.el7.6
    8.6

  • CVE-2025-31651

    OL CVE Issue Summary:

    Prevent path traversal vulnerability is fixed through improved validation of rewrite rules and encoded special characters. Enhanced security by properly encoding literal characters to prevent malicious path manipulation. Also strengthen URL rewriting to prevent attackers from bypassing path normalization and accessing unauthorized resources.

    CVE-2025-31651
    Tomcat
    8.5.109-OL
    9.8