{"containers": {"cna": {"affected": [{"product": "Apache Tomcat", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"}]}], "descriptions": [{"lang": "en", "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:24:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"}, {"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"}, {"name": "openSUSE-SU-2020:0711", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"}, {"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"}, {"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jun/6"}, {"name": "GLSA-202006-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202006-21"}, {"name": "FEDORA-2020-ce396e7d5c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"}, {"name": "FEDORA-2020-d9169235a8", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"}, {"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"}, {"name": "DSA-4727", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4727"}, {"name": "USN-4448-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4448-1/"}, {"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"}, {"name": "USN-4596-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4596-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"}, {"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"}, {"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-9484", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tomcat", "version": {"version_data": [{"version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"}, {"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E"}, {"name": "openSUSE-SU-2020:0711", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"}, {"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"}, {"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jun/6"}, {"name": "GLSA-202006-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-21"}, {"name": "FEDORA-2020-ce396e7d5c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"}, {"name": "FEDORA-2020-d9169235a8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"}, {"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "https://security.netapp.com/advisory/ntap-20200528-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"}, {"name": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"}, {"name": "DSA-4727", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4727"}, {"name": "USN-4448-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4448-1/"}, {"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"}, {"name": "USN-4596-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4596-1/"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"}, {"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"}, {"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"}, {"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"}, {"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.293Z"}, "title": "CVE Program Container", "references": [{"name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"}, {"name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"}, {"name": "openSUSE-SU-2020:0711", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"}, {"name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"}, {"name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Jun/6"}, {"name": "GLSA-202006-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202006-21"}, {"name": "FEDORA-2020-ce396e7d5c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"}, {"name": "FEDORA-2020-d9169235a8", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"}, {"name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"}, {"name": "DSA-4727", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4727"}, {"name": "USN-4448-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4448-1/"}, {"name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"}, {"name": "USN-4596-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4596-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"}, {"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"}, {"name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-9484", "datePublished": "2020-05-20T18:26:41", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:26:16.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE5E91B0-1B3B-4871-ADD0-C772DA1894E6", "versionEndExcluding": "7.0.108", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F32163D-F54D-48C9-AE9D-44ABA776B060", "versionEndExcluding": "8.5.63", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C570AD4E-B51D-4490-83B9-BFC8528514EF", "versionEndExcluding": "9.0.43", "versionStartIncluding": "9.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1", "versionEndIncluding": "8.4.0.5", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C5E9A12-BFE9-4963-A360-A34168A6BF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA2E1357-E3A1-461C-B7A0-A9446E45496D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464", "versionEndIncluding": "17.3", "versionStartIncluding": "17.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "70C60E6C-1A61-422B-A132-FB024761F576", "versionEndIncluding": "8.0.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AACBCC9-FDAC-42DF-B931-BD908CAF5C65", "versionEndIncluding": "21.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "30DB69BD-0F6E-4AB5-A861-7CB911C35660", "versionEndIncluding": "20.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*", "matchCriteriaId": "630C8E99-FE49-486E-9003-40B82809B7A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*", "matchCriteriaId": "C842DE9E-5E12-4295-AFA5-DEB5FEDE490A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."}, {"lang": "es", "value": "Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor est\u00e1 configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager est\u00e1 configurado con sessionAttributeValueClassNameFilter=\"null\" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicaci\u00f3n de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petici\u00f3n espec\u00edficamente dise\u00f1ada, el atacante podr\u00e1 ser capaz de desencadenar una ejecuci\u00f3n de c\u00f3digo remota mediante la deserializaci\u00f3n del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga \u00e9xito."}], "id": "CVE-2020-9484", "lastModified": "2023-11-07T03:26:54.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-20T19:15:09.257", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jun/6"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"}, {"source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202006-21"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4448-1/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4596-1/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4727"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security@apache.org", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2529", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "tomcat6-0:6.0.24-115.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-06-11T00:00:00Z"}, {"advisory": "RHSA-2020:2530", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tomcat-0:7.0.76-12.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-06-11T00:00:00Z"}, {"advisory": "RHSA-2022:5532", "cpe": "cpe:/a:redhat:jboss_fuse:7", "product_name": "Red Hat Fuse 7.11", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2021:3140", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "low", "package": "tomcat", "product_name": "Red Hat Fuse 7.9", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2020:2487", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "package": "tomcat", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat7-0:7.0.70-40.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat8-0:8.0.36-44.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat-native-0:1.2.23-22.redhat_22.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat7-0:7.0.70-40.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat8-0:8.0.36-44.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2483", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat-native-0:1.2.23-22.redhat_22.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6", "package": "jws5-tomcat-0:9.0.30-4.redhat_5.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 6", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6", "package": "jws5-tomcat-native-0:1.2.23-5.redhat_5.el6jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 6", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7", "package": "jws5-tomcat-0:9.0.30-4.redhat_5.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 7", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7", "package": "jws5-tomcat-native-0:1.2.23-5.redhat_5.el7jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 7", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8", "package": "jws5-tomcat-0:9.0.30-4.redhat_5.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 8", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8", "package": "jws5-tomcat-native-0:1.2.23-5.redhat_5.el8jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 8", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:2509", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3", "package": "tomcat", "product_name": "Red Hat JBoss Web Server (JWS) 5.3", "release_date": "2020-06-10T00:00:00Z"}, {"advisory": "RHSA-2020:3017", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "tomcat", "product_name": "Red Hat Runtimes Spring Boot 2.1.15", "release_date": "2020-07-27T00:00:00Z"}], "bugzilla": {"description": "tomcat: deserialization flaw in session persistence storage leading to RCE", "id": "1838332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838332"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-502", "details": ["When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.", "A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html."}, "name": "CVE-2020-9484", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "impact": "low", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-java-common-tomcat", "product_name": "Red Hat Software Collections"}], "public_date": "2020-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-9484\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9484\nhttp://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E\nhttp://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35"], "statement": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability can not be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\nRed Hat Satellite do not ship Tomcat and rather use its configuration. The product is not affected because configuration does not make use of PersistanceManager or FileStore. Tomcat updates can be obtain from Red Hat Enterprise Linux (RHEL) RHSA.", "threat_severity": "Important", "upstream_fix": "tomcat 10.0.0-M5, tomcat 9.0.35, tomcat 8.5.55, tomcat 7.0.104"}