ID

VAR-202005-1052


CVE

CVE-2020-9484


TITLE

Apache Tomcat Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

DESCRIPTION

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103, if

a) an attacker is able to control the contents and name of a file on the server; and
b) the server is configured to use the PersistenceManager with a FileStore; and
c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and
d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over;

then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Apache Tomcat implements support for the Servlet and JavaServer Pages (JSP) specifications. The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103.

A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484)

The fix for CVE-2020-9484 was incomplete. [...] to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)

The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/

4. Bugs fixed (https://bugzilla.redhat.com/):

1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm
1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature
1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl
1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to be accompanied by second Content-Length header
1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE
1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack
1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS
1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl
1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack
1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid
1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error
1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs
1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution
1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability
1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath
1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass
1908832 - CVE-2020-26258 XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file
1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file
1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame

5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.

Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied.

====================================================================
Red Hat Security Advisory

Synopsis: Important: tomcat security update
Advisory ID: RHSA-2020:2530-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2530
Issue date: 2020-06-11
CVE Names: CVE-2020-9484
====================================================================

1. Summary:

An update for tomcat is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
tomcat-7.0.76-12.el7_8.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
tomcat-lib-7.0.76-12.el7_8.noarch.rpm
tomcat-webapps-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
tomcat-7.0.76-12.el7_8.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
tomcat-lib-7.0.76-12.el7_8.noarch.rpm
tomcat-webapps-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch:
tomcat-7.0.76-12.el7_8.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-lib-7.0.76-12.el7_8.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
tomcat-webapps-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
tomcat-7.0.76-12.el7_8.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm
tomcat-lib-7.0.76-12.el7_8.noarch.rpm
tomcat-webapps-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.76-12.el7_8.src.rpm
noarch:
tomcat-7.0.76-12.el7_8.noarch.rpm
tomcat-admin-webapps-7.0.76-12.el7_8.noarch.rpm
tomcat-el-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-jsp-2.2-api-7.0.76-12.el7_8.noarch.rpm
tomcat-lib-7.0.76-12.el7_8.noarch.rpm
tomcat-servlet-3.0-api-7.0.76-12.el7_8.noarch.rpm
tomcat-webapps-7.0.76-12.el7_8.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
tomcat-docs-webapp-7.0.76-12.el7_8.noarch.rpm
tomcat-javadoc-7.0.76-12.el7_8.noarch.rpm
tomcat-jsvc-7.0.76-12.el7_8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-9484
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Affected packages
=================

Package / Vulnerable / Unaffected
1 www-servers/tomcat < 7.0.104:7 >= 7.0.104:7
                     < 8.5.55:8.5 >= 8.5.55:8.5

Description
===========

Apache Tomcat improperly handles deserialization of files under specific circumstances.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache Tomcat 7.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.104"

All Apache Tomcat 8.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.55"

References
==========

[ 1 ] CVE-2020-9484 https://nvd.nist.gov/vuln/detail/CVE-2020-9484
[ 2 ] Upstream advisory (7) https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104
[ 3 ] Upstream advisory (8.5) https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202006-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

==========================================================================
Ubuntu Security Notice USN-6943-1
August 01, 2024

tomcat8, tomcat9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Tomcat.

[...] A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484)

It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122)

Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-41079)

Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore. A remote attacker could possibly use this issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS (CVE-2022-23181)

It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided availability protection when running over an untrusted network. A remote attacker could possibly use this issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  tomcat9-docs 9.0.58-1ubuntu0.1+esm2 (Available with Ubuntu Pro)

Ubuntu 20.04 LTS
  libtomcat9-java 9.0.31-1ubuntu0.6
  tomcat9 9.0.31-1ubuntu0.6
  tomcat9-docs 9.0.31-1ubuntu0.6

Ubuntu 18.04 LTS
  libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm2 (Available with Ubuntu Pro)
  libtomcat9-java 9.0.16-3ubuntu0.18.04.2+esm2 (Available with Ubuntu Pro)
  tomcat8 8.5.39-1ubuntu1~18.04.3+esm2 (Available with Ubuntu Pro)
  tomcat8-docs 8.5.39-1ubuntu1~18.04.3+esm2 (Available with Ubuntu Pro)
  tomcat9 9.0.16-3ubuntu0.18.04.2+esm2 (Available with Ubuntu Pro)
  tomcat9-docs 9.0.16-3ubuntu0.18.04.2+esm2 (Available with Ubuntu Pro)

Ubuntu 16.04 LTS
  libtomcat8-java 8.0.32-1ubuntu1.13+esm1 (Available with Ubuntu Pro)
  tomcat8 8.0.32-1ubuntu1.13+esm1 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes
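The configuration preconditions b) and c) and the request side of d) can be checked offline. The Python script below is an added example written for this page; it is not code from Apache Tomcat or from any of the advisories quoted above. Everything in it that is not in the description is an assumption made for the example: the two context.xml snippets, the FileStore directory paths, the allow-list regex in the hardened variant, the probe class name com.example.NotAnAllowedClass used to decide whether a filter is "sufficiently lax", and the sample JSESSIONID values. The shape it accepts as a Tomcat-issued session id (hex digits with an optional .jvmRoute suffix) is Tomcat's default generator format and will misfire on deployments that mint session ids elsewhere.

```python
"""Offline checks for the CVE-2020-9484 preconditions (added example; not code from the
advisories above or from the Tomcat project).

  audit_context_xml()        -- conditions b) and c): PersistenceManager + FileStore with no
                                effective sessionAttributeValueClassNameFilter
  session_id_is_suspicious() -- the request side of condition d): a JSESSIONID that looks
                                like a relative path instead of a Tomcat-issued id

The context.xml snippets and cookie values below are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

PERSISTENCE_MANAGER = "org.apache.catalina.session.PersistenceManager"
FILE_STORE = "org.apache.catalina.session.FileStore"

# Constructed probe: if the configured filter regex fully matches an arbitrary class name
# like this one, it is "sufficiently lax" in the advisory's sense. Tomcat evaluates the
# filter with java.util.regex; Python's re is close enough for allow-list style patterns.
LAX_PROBE = "com.example.NotAnAllowedClass"

# Tomcat-generated session ids are hex (16 random bytes -> 32 hex chars by default),
# optionally followed by ".<jvmRoute>". A path separator or ".." never appears in one.
_TOMCAT_ID = re.compile(r"^[0-9A-Fa-f]{16,}(\.[A-Za-z0-9_-]+)?$")

# Constructed: conditions b) and c) both hold ("null" is also what omitting the attribute gives).
VULNERABLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistenceManager"
           sessionAttributeValueClassNameFilter="null">
    <Store className="org.apache.catalina.session.FileStore" directory="/var/lib/tomcat/sessions"/>
  </Manager>
</Context>"""

# Constructed: same persistence setup, but only a short allow-list of value classes may be
# deserialized, so an attacker-chosen class is rejected before its readObject runs.
HARDENED_CONTEXT = r"""<Context>
  <Manager className="org.apache.catalina.session.PersistenceManager"
           sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)">
    <Store className="org.apache.catalina.session.FileStore" directory="/var/lib/tomcat/sessions"/>
  </Manager>
</Context>"""


def audit_context_xml(xml_text: str) -> dict:
    """Report whether a context.xml satisfies the configuration preconditions of CVE-2020-9484."""
    root = ET.fromstring(xml_text)
    report = {"persistence_manager": False, "file_store": False,
              "filter": None, "filter_effective": False, "vulnerable_config": False}
    for manager in root.iter("Manager"):
        if manager.get("className") != PERSISTENCE_MANAGER:
            continue
        report["persistence_manager"] = True
        flt = manager.get("sessionAttributeValueClassNameFilter")
        report["filter"] = flt
        # Absent or the literal "null" means no filtering (the default without a SecurityManager).
        if flt is not None and flt != "null":
            try:
                report["filter_effective"] = re.fullmatch(flt, LAX_PROBE) is None
            except re.error:
                report["filter_effective"] = False  # cannot evaluate; do not assume protection
        for store in manager.iter("Store"):
            if store.get("className") == FILE_STORE:
                report["file_store"] = True
    report["vulnerable_config"] = (report["persistence_manager"]
                                   and report["file_store"]
                                   and not report["filter_effective"])
    return report


def session_id_is_suspicious(session_id: str) -> bool:
    """True when a presented JSESSIONID could steer FileStore outside its directory.

    Condition d) is exercised by presenting a session id that resolves, relative to the
    FileStore directory, to the attacker's file; such a value carries path syntax that a
    Tomcat-issued id never contains.
    """
    if ".." in session_id or "/" in session_id or "\\" in session_id:
        return True
    return _TOMCAT_ID.match(session_id) is None


def scan_cookie_headers(lines) -> list:
    """Return the JSESSIONID values from raw 'Cookie:' header lines that fail the id check."""
    hits = []
    for line in lines:
        for match in re.finditer(r"JSESSIONID=([^;\s]+)", line):
            if session_id_is_suspicious(match.group(1)):
                hits.append(match.group(1))
    return hits


if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONTEXT), ("hardened", HARDENED_CONTEXT)):
        print(name, audit_context_xml(cfg))
    # Constructed request headers: one normal id, one carrying a relative path.
    sample = ["Cookie: JSESSIONID=7A1B2C3D4E5F60718293A4B5C6D7E8F9.node1",
              "Cookie: JSESSIONID=../../../tmp/attacker-controlled"]
    print(scan_cookie_headers(sample))
```

Run it against a real deployment by reading each context.xml into audit_context_xml(); a filter value of "null" is reported the same way as a missing attribute because both leave deserialization unfiltered, and a catch-all pattern such as ".*" is reported as ineffective. The cookie scan is a detection aid, not a substitute for the fixed releases: the upstream fix stops FileStore from resolving session files outside its directory, while the class name filter remains the control over what may be deserialized from files that are inside it.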

Trust: 1.8

sources: NVD: CVE-2020-9484 // VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // PACKETSTORM: 163798 // PACKETSTORM: 158029 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 158103 // PACKETSTORM: 167841 // PACKETSTORM: 179893 // PACKETSTORM: 179696

AFFECTED PRODUCTS

vendor: fedoraproject | model: fedora | scope: eq | version: 32

Trust: 1.0

vendor: oracle | model: communications element manager | scope: gte | version: 8.2.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: oracle | model: transportation management | scope: eq | version: 6.3.7

Trust: 1.0

vendor: oracle | model: managed file transfer | scope: eq | version: 12.2.1.4.0

Trust: 1.0

vendor: apache | model: tomcat | scope: gte | version: 9.0.1

Trust: 1.0

vendor: apache | model: tomcat | scope: gte | version: 8.5.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.0

vendor: oracle | model: agile plm | scope: eq | version: 9.3.5

Trust: 1.0

vendor: apache | model: tomcat | scope: lt | version: 7.0.108

Trust: 1.0

vendor: oracle | model: agile plm | scope: eq | version: 9.3.6

Trust: 1.0

vendor: oracle | model: retail order broker | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: fmw platform | scope: eq | version: 12.2.1.3.0

Trust: 1.0

vendor: oracle | model: communications cloud native core binding support function | scope: eq | version: 1.10.0

Trust: 1.0

vendor: oracle | model: workload manager | scope: eq | version: 12.2.0.1

Trust: 1.0

vendor: oracle | model: agile engineering data management | scope: eq | version: 6.2.1.0

Trust: 1.0

vendor: oracle | model: database | scope: eq | version: 21c

Trust: 1.0

vendor: apache | model: tomcat | scope: gte | version: 7.0.0

Trust: 1.0

vendor: oracle | model: workload manager | scope: eq | version: 18c

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 31

Trust: 1.0

vendor: oracle | model: agile plm | scope: eq | version: 9.3.3

Trust: 1.0

vendor: oracle | model: communications session report manager | scope: gte | version: 8.2.0

Trust: 1.0

vendor: oracle | model: hospitality guest access | scope: eq | version: 4.2.0

Trust: 1.0

vendor: mcafee | model: epolicy orchestrator | scope: eq | version: 5.9.0

Trust: 1.0

vendor: apache | model: tomcat | scope: lt | version: 9.0.43

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: oracle | model: communications instant messaging server | scope: eq | version: 10.0.1.4.0

Trust: 1.0

vendor: oracle | model: communications session route manager | scope: lte | version: 8.2.2

Trust: 1.0

vendor: oracle | model: workload manager | scope: eq | version: 19c

Trust: 1.0

vendor: oracle | model: managed file transfer | scope: eq | version: 12.2.1.3.0

Trust: 1.0

vendor: oracle | model: database | scope: eq | version: 12.2.0.1

Trust: 1.0

vendor: oracle | model: communications diameter signaling router | scope: lte | version: 8.4.0.5

Trust: 1.0

vendor: oracle | model: siebel ui framework | scope: lte | version: 20.12

Trust: 1.0

vendor: oracle | model: communications cloud native core policy | scope: eq | version: 1.14.0

Trust: 1.0

vendor: opensuse | model: leap | scope: eq | version: 15.1

Trust: 1.0

vendor: apache | model: tomcat | scope: lt | version: 8.5.63

Trust: 1.0

vendor: oracle | model: communications element manager | scope: lte | version: 8.2.2

Trust: 1.0

vendor: mcafee | model: epolicy orchestrator | scope: eq | version: 5.9.1

Trust: 1.0

vendor: oracle | model: communications diameter signaling router | scope: gte | version: 8.0.0.0

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: gte | version: 17.1

Trust: 1.0

vendor: oracle | model: database | scope: eq | version: 19c

Trust: 1.0

vendor: oracle | model: hospitality guest access | scope: eq | version: 4.2.1

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 10.0.0

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: lte | version: 17.3

Trust: 1.0

vendor: apache | model: tomcat | scope: eq | version: 9.0.0

Trust: 1.0

vendor: oracle | model: mysql enterprise monitor | scope: lte | version: 8.0.21

Trust: 1.0

vendor: oracle | model: fmw platform | scope: eq | version: 12.2.1.4.0

Trust: 1.0

vendor: mcafee | model: epolicy orchestrator | scope: eq | version: 5.10.0

Trust: 1.0

vendor: oracle | model: communications session route manager | scope: gte | version: 8.2.0

Trust: 1.0

vendor: oracle | model: communications session report manager | scope: lte | version: 8.2.2

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 20.04

Trust: 1.0

vendor: oracle | model: siebel apps - marketing | scope: lte | version: 21.9

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

sources: NVD: CVE-2020-9484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9484
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202005-1078
value: HIGH

Trust: 0.6

VULHUB: VHN-187609
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9484
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-187609
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9484
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.1

sources: VULHUB: VHN-187609 // NVD: CVE-2020-9484

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-187609

PATCH

title: Apache Tomcat Fixes for code issue vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=120592

Trust: 0.6

title: Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202509 - Security Advisory

Trust: 0.1

title: Red Hat: Important: tomcat security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202530 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202506 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202487 - Security Advisory

Trust: 0.1

title: Red Hat: Important: tomcat6 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202529 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202483 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: tomcat9: CVE-2020-9484
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cc55062b1693f83a222063668ffd932c

Trust: 0.1

title: Red Hat: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203017 - Security Advisory

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1389
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1389

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1390
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1390

Trust: 0.1

title: Arch Linux Advisories: [ASA-202006-5] tomcat8: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-5

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1449
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1449

Trust: 0.1

title: Arch Linux Advisories: [ASA-202006-7] tomcat9: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-7

Trust: 0.1

title: Arch Linux Advisories: [ASA-202005-19] tomcat7: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-19

Trust: 0.1

title: Amazon Linux AMI: ALAS-2021-1493
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1493

Trust: 0.1

title: Amazon Linux 2: ALASTOMCAT8.5-2023-008
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASTOMCAT8.5-2023-008

Trust: 0.1

title: Amazon Linux AMI: ALAS-2021-1491
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1491

Trust: 0.1

title: Arch Linux Advisories: [ASA-202005-18] tomcat9: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-18

Trust: 0.1

title: Arch Linux Advisories: [ASA-202006-6] tomcat7: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-6

Trust: 0.1

title: Arch Linux Advisories: [ASA-202005-20] tomcat8: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-20

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-9484 log

Trust: 0.1

title: Debian Security Advisories: DSA-4727-1 tomcat9 -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=948379f644728cd78397969845b23817

Trust: 0.1

title: Debian Security Advisories: DSA-5265-1 tomcat9 -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ff46eee51fe9c568d7579825e9f7646

Trust: 0.1

title: Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5360-1

Trust: 0.1

title: Amazon Linux 2: ALASTOMCAT8.5-2023-009
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASTOMCAT8.5-2023-009

Trust: 0.1

title: IBM: Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b4bdf241c7e678e09423e98e7d3134b8

Trust: 0.1

title: IBM: Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=6625900b3dffe0c4351300480ad4824f

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.11.0 release and security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory

Trust: 0.1

title: https://github.com/osamahamad/CVE-2020-9484-Mass-Scan
url: https://github.com/osamahamad/CVE-2020-9484-Mass-Scan

Trust: 0.1

title: https://github.com/anjai94/CVE-2020-9484-exploit
url: https://github.com/anjai94/CVE-2020-9484-exploit

Trust: 0.1

title: CVE-2020-9484
url: https://github.com/DXY0411/CVE-2020-9484

Trust: 0.1

title: CVE-2020-9484
url: https://github.com/AssassinUKG/CVE-2020-9484

Trust: 0.1

title: summary
url: https://github.com/Catbamboo/Catbamboo.github.io

Trust: 0.1

sources: VULMON: CVE-2020-9484 // CNNVD: CNNVD-202005-1078

EXTERNAL IDS

db: NVD | id: CVE-2020-9484

Trust: 2.6

db: MCAFEE | id: SB10332

Trust: 1.7

db: OPENWALL | id: OSS-SECURITY/2021/03/01/2

Trust: 1.7

db: PACKETSTORM | id: 157924

Trust: 1.1

db: PACKETSTORM | id: 167841

Trust: 0.8

db: PACKETSTORM | id: 158103

Trust: 0.8

db: PACKETSTORM | id: 158761

Trust: 0.7

db: PACKETSTORM | id: 159666

Trust: 0.7

db: PACKETSTORM | id: 158050

Trust: 0.7

db: PACKETSTORM | id: 158621

Trust: 0.7

db: CNNVD | id: CNNVD-202005-1078

Trust: 0.7

db: AUSCERT | id: ESB-2020.2554

Trust: 0.6

db: AUSCERT | id: ESB-2021.0742

Trust: 0.6

db: AUSCERT | id: ESB-2022.0993

Trust: 0.6

db: AUSCERT | id: ESB-2021.0938

Trust: 0.6

db: AUSCERT | id: ESB-2020.2110

Trust: 0.6

db: AUSCERT | id: ESB-2020.2046

Trust: 0.6

db: AUSCERT | id: ESB-2020.1887

Trust: 0.6

db: AUSCERT | id: ESB-2020.2447

Trust: 0.6

db: AUSCERT | id: ESB-2020.3547

Trust: 0.6

db: AUSCERT | id: ESB-2020.3628

Trust: 0.6

db: AUSCERT | id: ESB-2022.1404

Trust: 0.6

db: AUSCERT | id: ESB-2020.1793

Trust: 0.6

db: AUSCERT | id: ESB-2020.2362

Trust: 0.6

db: AUSCERT | id: ESB-2021.2261

Trust: 0.6

db: AUSCERT | id: ESB-2021.1130

Trust: 0.6

db: AUSCERT | id: ESB-2020.2670

Trust: 0.6

db: AUSCERT | id: ESB-2020.2089

Trust: 0.6

db: AUSCERT | id: ESB-2021.2731

Trust: 0.6

db: AUSCERT | id: ESB-2020.1837

Trust: 0.6

db: NSFOCUS | id: 46749

Trust: 0.6

db: CS-HELP | id: SB2022040522

Trust: 0.6

db: CS-HELP | id: SB2021072123

Trust: 0.6

db: CS-HELP | id: SB2021063003

Trust: 0.6

db: CS-HELP | id: SB2022030854

Trust: 0.6

db: PACKETSTORM | id: 158029

Trust: 0.2

db: PACKETSTORM | id: 158032

Trust: 0.2

db: PACKETSTORM | id: 158049

Trust: 0.2

db: PACKETSTORM | id: 158030

Trust: 0.1

db: PACKETSTORM | id: 158034

Trust: 0.1

db: SEEBUG | id: SSVID-98234

Trust: 0.1

db: CNVD | id: CNVD-2020-34449

Trust: 0.1

db: VULHUB | id: VHN-187609

Trust: 0.1

db: VULMON | id: CVE-2020-9484

Trust: 0.1

db: PACKETSTORM | id: 163798

Trust: 0.1

db: PACKETSTORM | id: 179893

Trust: 0.1

db: PACKETSTORM | id: 179696

Trust: 0.1

sources: VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // PACKETSTORM: 163798 // PACKETSTORM: 158029 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 158103 // PACKETSTORM: 167841 // PACKETSTORM: 179893 // PACKETSTORM: 179696 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

REFERENCES

url:http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202006-21

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200528-0005/

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4727

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/jun/6

Trust: 1.7

url:https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/03/01/2

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html

Trust: 1.7

url:https://usn.ubuntu.com/4448-1/

Trust: 1.7

url:https://usn.ubuntu.com/4596-1/

Trust: 1.7

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10332

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 1.3

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 1.1

url:https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/

Trust: 1.0

url:https://www.auscert.org.au/bulletins/esb-2021.0938

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3547/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3628/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/46749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2089/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2110/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2362/

Trust: 0.6

url:https://packetstormsecurity.com/files/158050/red-hat-security-advisory-2020-2529-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072123

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022040522

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2554/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2447/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1130

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-tomcat-vulnerabilities-affect-ibm-control-center/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1837/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2261

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-tomcat-code-execution-via-persistencemanager-32313

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1887/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1404

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0993

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1793/

Trust: 0.6

url:https://packetstormsecurity.com/files/158621/red-hat-security-advisory-2020-3017-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2046/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2670/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0742

Trust: 0.6

url:https://packetstormsecurity.com/files/158103/gentoo-linux-security-advisory-202006-21.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021063003

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2731

Trust: 0.6

url:https://packetstormsecurity.com/files/158761/ubuntu-security-notice-usn-4448-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/159666/ubuntu-security-notice-usn-4596-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030854

Trust: 0.6

url:https://packetstormsecurity.com/files/167841/red-hat-security-advisory-2022-5532-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony-3/

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://bugzilla.redhat.com/

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13936

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5410

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10688

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14297

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14338

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12402

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25638

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.9.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14297

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11996

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25644

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13936

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28052

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10688

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2483

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2530

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2506

Trust: 0.1

url:https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.104

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.55

Trust: 0.1

url:https://bugs.gentoo.org/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6943-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41079

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.6

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6908-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0221

Trust: 0.1

sources: VULHUB: VHN-187609 // PACKETSTORM: 163798 // PACKETSTORM: 158029 // PACKETSTORM: 158049 // PACKETSTORM: 158032 // PACKETSTORM: 158103 // PACKETSTORM: 167841 // PACKETSTORM: 179893 // PACKETSTORM: 179696 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

CREDITS

Ubuntu

Trust: 0.8

sources: PACKETSTORM: 179893 // PACKETSTORM: 179696 // CNNVD: CNNVD-202005-1078

SOURCES

db:VULHUBid:VHN-187609
db:VULMONid:CVE-2020-9484
db:PACKETSTORMid:163798
db:PACKETSTORMid:158029
db:PACKETSTORMid:158049
db:PACKETSTORMid:158032
db:PACKETSTORMid:158103
db:PACKETSTORMid:167841
db:PACKETSTORMid:179893
db:PACKETSTORMid:179696
db:CNNVDid:CNNVD-202005-1078
db:NVDid:CVE-2020-9484

LAST UPDATE DATE

2024-11-20T21:55:10.098000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-187609date:2022-07-25T00:00:00
db:VULMONid:CVE-2020-9484date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202005-1078date:2023-07-20T00:00:00
db:NVDid:CVE-2020-9484date:2023-11-07T03:26:54.770

SOURCES RELEASE DATE

db:VULHUBid:VHN-187609date:2020-05-20T00:00:00
db:VULMONid:CVE-2020-9484date:2020-05-20T00:00:00
db:PACKETSTORMid:163798date:2021-08-12T15:42:56
db:PACKETSTORMid:158029date:2020-06-11T16:32:58
db:PACKETSTORMid:158049date:2020-06-11T16:36:30
db:PACKETSTORMid:158032date:2020-06-11T16:33:22
db:PACKETSTORMid:158103date:2020-06-16T00:56:11
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:PACKETSTORMid:179893date:2024-08-02T16:04:27
db:PACKETSTORMid:179696date:2024-07-24T13:32:46
db:CNNVDid:CNNVD-202005-1078date:2020-05-20T00:00:00
db:NVDid:CVE-2020-9484date:2020-05-20T19:15:09.257