ID

VAR-202005-1052


CVE

CVE-2020-9484


TITLE

Red Hat Security Advisory 2020-2487-01

Trust: 0.1

sources: PACKETSTORM: 158030

DESCRIPTION

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat security update Advisory ID: RHSA-2020:2530-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2530 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: tomcat-7.0.76-12.el7_8.src.rpm noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: tomcat-7.0.76-12.el7_8.src.rpm noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: tomcat-7.0.76-12.el7_8.src.rpm noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: tomcat-7.0.76-12.el7_8.src.rpm noarch: tomcat-7.0.76-12.el7_8.noarch.rpm tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm tomcat-lib-7.0.76-12.el7_8.noarch.rpm tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm tomcat-webapps-7.0.76-12.el7_8.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuH9rtzjgjWX9erEAQiuZA/7BY8EEQxcPpMTuZ1szv08nHLdHOShDyEr UqhsbGTHUgsqb+cIwbOJrz3nn66y4S/5MIDyUUI/77t5/z/LR8rD7zM+6mPcQyVy QjSTPH8xiVNq4CyMCJggmsb+jecS5BHRDEhHKjEyuqWCx9wJlQQTTFMvlUBypXLt AxJqARUjSFmgxSdjbZDhDIzpNH5RR0lyKCuHf9yd+X9FNomFEAFIjLz6oSXDiMYp Lf4YPas24BmF7CXTajzecKM2PZZEehtNVFFQLi96APXLQq8uZBw+8d4gTSq7SEsy U6MZm3R+1Lp9BgGgxD80dRDoAIFL1KNRKJnRUPan+SSKYLPkU2dOwdPVd2t4OxY1 whBcfo8z6zsGTHIxXu7756/AUYhBkvrI2CVOp1tzM+SMDlLkJL9eBuTbXw98ipI0 jAUKlqxksz///7ZCWugsLt9VhDZRSXUSk7JQ4ASQ9bQFouzsUiEv0MSTRW+ym9HU 8/FjgG/yznR3DrHOjKVY++Dw2LUg2lv/viBVjCl2h9lZoULK3eBwIUJ0fOYCRUOK mytOuin4i+pI+jHCm/W91sK+piAB5yirVpqra98zXaDGayN+V6mdTr3omPsNDMP5 VtOWpWiInHKmeN1cErONkxeAT/zHdFagRXEhqbnArSoZIC/SV4KrykDGHw+ldO/o yI/DufEuzcM\xbfNT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2020-11996) It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. (CVE-2020-13934) It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. (CVE-2020-13935) It was discovered that Tomcat did not properly deserialize untrusted data. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8 TjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW 1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE mpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO 0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG 2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI 9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv REID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L tTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5 RtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2 iG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS bTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU= =E8Ei -----END PGP SIGNATURE----- . The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization 5. ========================================================================== Ubuntu Security Notice USN-6943-1 August 01, 2024 tomcat8, tomcat9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Tomcat. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484) It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122) Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-41079) Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore. A remote attacker could possibly use this issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS (CVE-2022-23181) It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided availability protection when running over an untrusted network. A remote attacker could possibly use this issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS tomcat9-docs 9.0.58-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libtomcat9-java 9.0.31-1ubuntu0.6 tomcat9 9.0.31-1ubuntu0.6 tomcat9-docs 9.0.31-1ubuntu0.6 Ubuntu 18.04 LTS libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro libtomcat9-java 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat8 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat8-docs 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat9 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat9-docs 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libtomcat8-java 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro tomcat8 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes

Trust: 1.89

sources: NVD: CVE-2020-9484 // VULHUB: VHN-187609 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158621 // PACKETSTORM: 158761 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 159666 // PACKETSTORM: 168857 // PACKETSTORM: 167841 // PACKETSTORM: 179893

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:oraclemodel:communications element managerscope:gteversion:8.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:transportation managementscope:eqversion:6.3.7

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:9.0.1

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:8.5.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.5

Trust: 1.0

vendor:apachemodel:tomcatscope:ltversion:7.0.108

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.6

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:fmw platformscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:1.10.0

Trust: 1.0

vendor:oraclemodel:workload managerscope:eqversion:12.2.0.1

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:databasescope:eqversion:21c

Trust: 1.0

vendor:apachemodel:tomcatscope:gteversion:7.0.0

Trust: 1.0

vendor:oraclemodel:workload managerscope:eqversion:18c

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:oraclemodel:agile plmscope:eqversion:9.3.3

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.0

Trust: 1.0

vendor:mcafeemodel:epolicy orchestratorscope:eqversion:5.9.0

Trust: 1.0

vendor:apachemodel:tomcatscope:ltversion:9.0.43

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1.4.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:workload managerscope:eqversion:19c

Trust: 1.0

vendor:oraclemodel:managed file transferscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:databasescope:eqversion:12.2.0.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.4.0.5

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:20.12

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:apachemodel:tomcatscope:ltversion:8.5.63

Trust: 1.0

vendor:oraclemodel:communications element managerscope:lteversion:8.2.2

Trust: 1.0

vendor:mcafeemodel:epolicy orchestratorscope:eqversion:5.9.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:gteversion:17.1

Trust: 1.0

vendor:oraclemodel:databasescope:eqversion:19c

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.1

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:10.0.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:lteversion:17.3

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:9.0.0

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.21

Trust: 1.0

vendor:oraclemodel:fmw platformscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:mcafeemodel:epolicy orchestratorscope:eqversion:5.10.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:lteversion:8.2.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:oraclemodel:siebel apps - marketingscope:lteversion:21.9

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2020-9484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9484
value: HIGH

Trust: 1.0

VULHUB: VHN-187609
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9484
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-187609
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9484
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-187609 // NVD: CVE-2020-9484

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

sources: VULHUB: VHN-187609 // NVD: CVE-2020-9484

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 158761 // PACKETSTORM: 179893

TYPE

code execution

Trust: 0.5

sources: PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158621 // PACKETSTORM: 158032 // PACKETSTORM: 168857

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-187609

EXTERNAL IDS

db:NVDid:CVE-2020-9484

Trust: 2.1

db:PACKETSTORMid:157924

Trust: 1.1

db:MCAFEEid:SB10332

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2021/03/01/2

Trust: 1.1

db:PACKETSTORMid:158029

Trust: 0.2

db:PACKETSTORMid:158030

Trust: 0.2

db:PACKETSTORMid:158761

Trust: 0.2

db:PACKETSTORMid:167841

Trust: 0.2

db:PACKETSTORMid:158032

Trust: 0.2

db:PACKETSTORMid:158049

Trust: 0.2

db:PACKETSTORMid:159666

Trust: 0.2

db:PACKETSTORMid:158621

Trust: 0.2

db:PACKETSTORMid:158034

Trust: 0.1

db:PACKETSTORMid:158050

Trust: 0.1

db:PACKETSTORMid:158103

Trust: 0.1

db:SEEBUGid:SSVID-98234

Trust: 0.1

db:CNVDid:CNVD-2020-34449

Trust: 0.1

db:CNNVDid:CNNVD-202005-1078

Trust: 0.1

db:VULHUBid:VHN-187609

Trust: 0.1

db:PACKETSTORMid:168857

Trust: 0.1

db:PACKETSTORMid:179893

Trust: 0.1

sources: VULHUB: VHN-187609 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158621 // PACKETSTORM: 158761 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 159666 // PACKETSTORM: 168857 // PACKETSTORM: 167841 // PACKETSTORM: 179893 // NVD: CVE-2020-9484

REFERENCES

url:https://security.netapp.com/advisory/ntap-20200528-0005/

Trust: 1.1

url:https://www.debian.org/security/2020/dsa-4727

Trust: 1.1

url:http://seclists.org/fulldisclosure/2020/jun/6

Trust: 1.1

url:https://security.gentoo.org/glsa/202006-21

Trust: 1.1

url:http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html

Trust: 1.1

url:https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2021/03/01/2

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html

Trust: 1.1

url:https://usn.ubuntu.com/4448-1/

Trust: 1.1

url:https://usn.ubuntu.com/4596-1/

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 1.0

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10332

Trust: 1.0

url:https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13935

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-11996

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13934

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10332

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/

Trust: 0.1

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3cusers.tomcat.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3ccommits.tomee.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3ccommits.tomee.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3ccommits.tomee.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3ccommits.tomee.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3ccommits.tomee.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2487

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=3.1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2483

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3017

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_support_for_spring_boot/2.1/html-single/release_notes_for_spring_boot_2.1/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.spring.boot&version=2.1.15

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.13

Trust: 0.1

url:https://usn.ubuntu.com/4448-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1935

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2530

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2506

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1

Trust: 0.1

url:https://usn.ubuntu.com/4596-1

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/tomcat9

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6943-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41079

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.6

Trust: 0.1

sources: VULHUB: VHN-187609 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158621 // PACKETSTORM: 158761 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 159666 // PACKETSTORM: 168857 // PACKETSTORM: 167841 // PACKETSTORM: 179893 // NVD: CVE-2020-9484

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158621 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 167841

SOURCES

db:VULHUBid:VHN-187609
db:PACKETSTORMid:158030
db:PACKETSTORMid:158029
db:PACKETSTORMid:158621
db:PACKETSTORMid:158761
db:PACKETSTORMid:158049
db:PACKETSTORMid:158032
db:PACKETSTORMid:159666
db:PACKETSTORMid:168857
db:PACKETSTORMid:167841
db:PACKETSTORMid:179893
db:NVDid:CVE-2020-9484

LAST UPDATE DATE

2024-11-07T20:26:04.642000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-187609date:2022-07-25T00:00:00
db:NVDid:CVE-2020-9484date:2023-11-07T03:26:54.770

SOURCES RELEASE DATE

db:VULHUBid:VHN-187609date:2020-05-20T00:00:00
db:PACKETSTORMid:158030date:2020-06-11T16:33:05
db:PACKETSTORMid:158029date:2020-06-11T16:32:58
db:PACKETSTORMid:158621date:2020-07-27T18:44:59
db:PACKETSTORMid:158761date:2020-08-05T15:19:31
db:PACKETSTORMid:158049date:2020-06-11T16:36:30
db:PACKETSTORMid:158032date:2020-06-11T16:33:22
db:PACKETSTORMid:159666date:2020-10-21T15:52:39
db:PACKETSTORMid:168857date:2020-07-28T19:12:00
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:PACKETSTORMid:179893date:2024-08-02T16:04:27
db:NVDid:CVE-2020-9484date:2020-05-20T19:15:09.257