
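--- a/vuln.xml
+++ b/vuln.xml
@@ -60,0 +61,39 @@
+  <vuln vid="676ca486-9c1e-11ea-8b5e-b42e99a1b9c3">
+    <topic>Apache Tomcat Remote Code Execution via session persistence</topic>
+    <affects>
+      <package>
+	<name>tomcat7</name>
+	<range><lt>7.0.104</lt></range>
+      </package>
+      <package>
+	<name>tomcat85</name>
+	<range><lt>8.5.55</lt></range>
+      </package>
+      <package>
+	<name>tomcat9</name>
+	<range><lt>9.0.35</lt></range>
+      </package>
+      <package>
+	<name>tomcat-devel</name>
+	<range><lt>10.0.0.M5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Apache Software Foundation reports:</p>
+	  <p>Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control</p>
+      </body>
+    </description>
+    <references>
+      <url>http://tomcat.apache.org/security-7.html</url>
+      <url>http://tomcat.apache.org/security-8.html</url>
+      <url>http://tomcat.apache.org/security-9.html</url>
+      <url>http://tomcat.apache.org/security-10.html</url>
+      <cvename>CVE-2020-9484</cvename>
+    </references>
+    <dates>
+      <discovery>2020-05-12</discovery>
+      <entry>2020-05-22</entry>
+    </dates>
+  </vuln>
+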
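Review bot: The quoted upstream sentence in `<description>` is indented like a quotation but has no `<blockquote>` around it, so the entry does not mark which words are the Apache Software Foundation's or where they come from; wrapping that `<p>` in `<blockquote cite="...">`, with `cite` set to one of the advisory URLs already listed under `<references>`, would record the attribution. The quote also keeps only "Under certain circumstances", which gives an operator nothing to judge exposure by; since the topic names session persistence, quoting the upstream preconditions in full would let readers check whether their own session-persistence configuration is in scope. The four `<url>` references use `http://`; `https://` links would be preferable if the site serves them.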