Lucene search

K
debianDebianDEBIAN:DSA-4627-1:1B266
HistoryJul 17, 2020 - 6:07 p.m.

[SECURITY] [DSA 4627-1] tomcat9 security update

2020-07-1718:07:40
lists.debian.org
50
tomcat9
cve-2020-9484
cve-2020-11996
cve-2020-13934
code execution
denial of service
debian security advisory

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

9

Confidence

High

EPSS

0.914

Percentile

99.0%


Debian Security Advisory DSA-4727-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2020 https://www.debian.org/security/faq


Package : tomcat9
CVE ID : CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935

Several vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in code execution or denial of service.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u2.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

9

Confidence

High

EPSS

0.914

Percentile

99.0%