Lucene search

K
amazonAmazonALAS-2020-1389
HistoryJun 23, 2020 - 6:45 a.m.

Important: tomcat7

2020-06-2306:45:00
alas.aws.amazon.com
19

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.922 High

EPSS

Percentile

98.9%

Issue Overview:

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=“null” (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)

Affected Packages:

tomcat7

Issue Correction:
Run yum update tomcat7 to update your system.

New Packages:

noarch:  
    tomcat7-jsp-2.2-api-7.0.104-1.38.amzn1.noarch  
    tomcat7-log4j-7.0.104-1.38.amzn1.noarch  
    tomcat7-webapps-7.0.104-1.38.amzn1.noarch  
    tomcat7-javadoc-7.0.104-1.38.amzn1.noarch  
    tomcat7-lib-7.0.104-1.38.amzn1.noarch  
    tomcat7-admin-webapps-7.0.104-1.38.amzn1.noarch  
    tomcat7-docs-webapp-7.0.104-1.38.amzn1.noarch  
    tomcat7-7.0.104-1.38.amzn1.noarch  
    tomcat7-el-2.2-api-7.0.104-1.38.amzn1.noarch  
    tomcat7-servlet-3.0-api-7.0.104-1.38.amzn1.noarch  
  
src:  
    tomcat7-7.0.104-1.38.amzn1.src  

Additional References

Red Hat: CVE-2020-9484

Mitre: CVE-2020-9484

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.922 High

EPSS

Percentile

98.9%