{"id": "KLA11785", "bulletinFamily": "info", "title": "\r KLA11785Security vulnerability in Apache Tomcat ", "description": "### *Detect date*:\n05/11/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nSecurity vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions.\n\n### *Affected products*:\nApache Tomcat 8 earlier than 8.5.55 \nApache Tomcat 9 earlier than 9.0.35\n\n### *Solution*:\nUpdate to the latest version \n[Tomcat 8 Software Downloads](<https://tomcat.apache.org/download-80.cgi>) \n[Tomcat 9 Software Downloads](<https://tomcat.apache.org/download-90.cgi>)\n\n### *Original advisories*:\n[Apache Tomcat 8.x vulnerabilities](<http://tomcat.apache.org/security-8.html>) \n[Apache Tomcat 9.x vulnerabilities](<http://tomcat.apache.org/security-9.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2020-9484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>)0.0Unknown", "published": "2020-05-11T00:00:00", "modified": "2020-05-29T00:00:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA11785", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2020-9484"], "type": "kaspersky", "lastseen": "2020-09-02T11:43:50", "edition": 1, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-9484"]}, {"type": "attackerkb", "idList": ["AKB:38F76C83-56D0-4112-A583-4513CC15B1B3"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-71221", "ATLASSIAN:JRASERVER-71321", "ATLASSIAN:CONFSERVER-60004"]}, {"type": "kaspersky", "idList": ["KLA11784"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-2529", "ELSA-2020-4004", "ELSA-2020-2530"]}, {"type": "amazon", "idList": ["ALAS-2020-1390", "ALAS2-2020-1449", "ALAS-2020-1389"]}, {"type": "archlinux", "idList": ["ASA-202006-7", "ASA-202006-5", "ASA-202006-6"]}, {"type": "centos", "idList": ["CESA-2020:2530"]}, {"type": "redhat", "idList": ["RHSA-2020:2530", "RHSA-2020:2487", "RHSA-2020:3017", "RHSA-2020:2506", "RHSA-2020:2483", "RHSA-2020:2509", "RHSA-2020:2529"]}, {"type": "fedora", "idList": ["FEDORA:F12FB31404B0", "FEDORA:4788E309FF20"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1390.NASL", "TOMCAT_9_0_35.NASL", "TOMCAT_7_0_104.NASL", "REDHAT-RHSA-2020-2529.NASL", "AL2_ALAS-2020-1449.NASL", "CENTOS_RHSA-2020-2530.NASL", "FEDORA_2020-CE396E7D5C.NASL", "REDHAT-RHSA-2020-2530.NASL", "TOMCAT_8_5_55.NASL", "REDHAT-RHSA-2020-2483.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201645", "OPENVAS:1361412562310143964", "OPENVAS:1361412562310883252", "OPENVAS:1361412562310853179", "OPENVAS:1361412562310877967", "OPENVAS:1361412562310892217", "OPENVAS:1361412562310892279", "OPENVAS:1361412562310877995", "OPENVAS:1361412562310704727", "OPENVAS:1361412562310143963"]}, {"type": "freebsd", "idList": ["676CA486-9C1E-11EA-8B5E-B42E99A1B9C3"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2209-1:84C77", "DEBIAN:DLA-2279-1:771F3", "DEBIAN:DSA-4627-1:1B266", "DEBIAN:DLA-2217-1:0ED90"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0711-1"]}, {"type": "gentoo", "idList": ["GLSA-202006-21"]}, {"type": "github", "idList": ["GHSA-344F-F5VG-2JFJ"]}, {"type": "ubuntu", "idList": ["USN-4448-1", "USN-4596-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020"]}], "modified": "2020-09-02T11:43:50", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2020-09-02T11:43:50", "rev": 2}, "vulnersScore": 5.9}}

{"cve": [{"lastseen": "2020-12-09T22:03:20", "description": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.", "edition": 24, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-20T19:15:00", "title": "CVE-2020-9484", "type": "cve", "cwe": ["CWE-502"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9484"], "modified": "2020-10-27T20:15:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:apache:tomcat:10.0.0", "cpe:/a:apache:tomcat:9.0.0", "cpe:/a:apache:tomcat:9.0.34", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/a:oracle:instantis_enterprisetrack:17.3", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:apache:tomcat:8.5.54", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:31", "cpe:/a:apache:tomcat:7.0.103", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-9484", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9484", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.54:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:7.0.103:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2020-11-18T06:39:24", "bulletinFamily": "info", "cvelist": ["CVE-2020-9484"], "description": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\u201cnull\u201d (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.\n\n \n**Recent assessments:** \n \n**redtimmy** at June 06, 2020 1:41pm UTC reported:\n\nThis attack can have high impact (RCE), but the conditions that need to be met make the likelihood of exploitation low.\n\n 1. PersistentManager needs to be enabled manually by the tomcat administrator. This is likely to happen only on websites with high traffic loads (but not too high, as it will be more likely that a JDBC Store is used instead of a File Store) \n\n 2. The attacker has to find a separate file upload vulnerability to place the malicious serialized file on the server. \n\n 3. There have to be libraries on the classpath which are vulnerable to be exploited by a Java deserialization attack (e.g. gadgets). \n\n\nHowever, a large range of versions of tomcat are affected.\n\nMore info in this article: <https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/>\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 3**wvu-r7** at June 07, 2020 12:22am UTC reported:\n\nThis attack can have high impact (RCE), but the conditions that need to be met make the likelihood of exploitation low.\n\n 1. PersistentManager needs to be enabled manually by the tomcat administrator. This is likely to happen only on websites with high traffic loads (but not too high, as it will be more likely that a JDBC Store is used instead of a File Store) \n\n 2. The attacker has to find a separate file upload vulnerability to place the malicious serialized file on the server. \n\n 3. There have to be libraries on the classpath which are vulnerable to be exploited by a Java deserialization attack (e.g. gadgets). \n\n\nHowever, a large range of versions of tomcat are affected.\n\nMore info in this article: <https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/>\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 2\n", "modified": "2020-07-24T00:00:00", "published": "2020-05-20T00:00:00", "id": "AKB:38F76C83-56D0-4112-A583-4513CC15B1B3", "href": "https://attackerkb.com/topics/rboq4u1oPY/cve-2020-9484-persistentmanager-java-deserialization-vulnerability", "type": "attackerkb", "title": "CVE-2020-9484 \u2014 PersistentManager Java deserialization vulnerability", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2020-12-24T14:35:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-9484"], "description": "h3. Issue Summary\r\n\r\nThe recently [disclosed vulnerability regarding Tomcat|https://nvd.nist.gov/vuln/detail/CVE-2020-9484] affects the following versions:\r\n\r\n Apache Tomcat 7x <7.0.103\r\n Apache Tomcat 8x <8.5.54\r\n Apache Tomcat 9x <9.0.34\r\n Apache Tomcat 10x < 10.0.0-M4\r\n\r\nWe should bundle a more recent version of Tomcat, so that Jira is not affected by this in the future.\r\n\r\nh3. Steps to Reproduce\r\n\r\n* Check the CVE [report|https://nvd.nist.gov/vuln/detail/CVE-2020-9484].\r\n\r\n\r\nh3. Expected Results\r\n\r\n* Not applicable.\r\n\r\nh3. Actual Results\r\n\r\n* Not applicable.\r\n\r\nh3. Workaround\r\n\r\n* Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].", "edition": 15, "modified": "2020-10-14T16:00:32", "published": "2020-06-25T04:59:30", "id": "ATLASSIAN:JRASERVER-71221", "href": "https://jira.atlassian.com/browse/JRASERVER-71221", "title": "Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484", "type": "atlassian", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-15T05:43:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996"], "description": "h3. Issue Summary\r\n * The current version of Tomcat 9.0.33 bundled with Confluence (at least up to Confluence version 7.6) is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 \r\n [https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_9.0.36]\r\n [http://mail-archives.us.apache.org/mod_mbox/www-announce/202006.mbox/%3Cfd56bc1d-1219-605b-99c7-946bf7bd8ad4%40apache.org%3E]\r\n\r\nThis vulnerability uses \"(a) specially crafted sequence of HTTP/2 requests\" to \"trigger high CPU usage for several seconds.\" A large number of these HTTP/2 requests could be used to make an application unresponsive.\r\n\r\nh3. Versions Affected:\r\n * Apache Tomcat 10.0.0-M1 to 10.0.0-M5\r\n * Apache Tomcat 9.0.0.M1 to 9.0.35\r\n * Apache Tomcat 8.5.0 to 8.5.55\r\n\r\nh3. Versions affected:\r\n - Apache Tomcat 10.0.0-M6 or later\r\n - Apache Tomcat 9.0.36 or later\r\n - Apache Tomcat 8.5.56 or later\r\n\r\nh3. Notes\r\n* By default Confluence is configured to use an HTTP/1.1 connector and would not be vulnerable to this CVE\r\n\r\nh3. Mitigation\r\n* No workaround is needed to mitigate this vulnerability. \r\n* If your organization determines that you cannot use a version of Tomcat that is affected by CVE-2020-11996 you can manually update the version of Tomcat used by Confluence to an unaffected version (9.0.37) as described in [How to Upgrade The Tomcat Container for Confluence|https://confluence.atlassian.com/confkb/how-to-upgrade-the-tomcat-container-for-confluence-336757062.html]\r\n** Note: Manually upgrading the version of Tomcat used by Confluence is not supported. If any issues arise from making this change, Atlassian Support would first recommend going back to a supported version of Tomcat.", "edition": 59, "modified": "2021-01-15T01:26:47", "published": "2020-06-29T13:40:00", "id": "ATLASSIAN:CONFSERVER-60004", "href": "https://jira.atlassian.com/browse/CONFSERVER-60004", "title": "Upgrade Tomcat to version 9.0.37", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-24T14:35:28", "bulletinFamily": "software", "cvelist": ["CVE-2019-12418", "CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996", "CVE-2020-13934"], "description": "h3. Issue Summary\r\n\r\nThe recently disclosed vulnerability regarding Apache Tomcat\r\n\r\n* [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]\r\n\r\naffects the following versions:\r\n\r\n \r\n Apache Tomcat 8.x from 8.5.1 to 8.5.56\r\n Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36\r\n Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6\r\n\r\nAdditionally, the following disclosed vulnerability regarding Tomcat:\r\n\r\n* [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]\r\n\r\naffects the following versions:\r\n\r\n Apache Tomcat 7.x from 7.0.27 to 7.0.104\r\n Apache Tomcat 8.x from 8.5.1 to 8.5.56\r\n Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36\r\n Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6\r\n\r\nWe should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.\r\n\r\nh3. Steps to Reproduce\r\n\r\n* Check the CVE reports:\r\n** [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]\r\n** [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]\r\n\r\nh3. Expected Results\r\n\r\n* Not applicable.\r\n\r\nh3. Actual Results\r\n\r\n* Not applicable.\r\n\r\nh3. Workaround\r\n\r\n* Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].", "edition": 44, "modified": "2020-11-26T00:08:25", "published": "2020-07-17T15:19:11", "id": "ATLASSIAN:JRASERVER-71321", "href": "https://jira.atlassian.com/browse/JRASERVER-71321", "title": "Upgrade the bundled version of Apache Tomcat to 8.5.57", "type": "atlassian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:43:50", "bulletinFamily": "info", "cvelist": ["CVE-2020-9484"], "description": "### *Detect date*:\n05/16/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nSecurity vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions.\n\n### *Affected products*:\nApache Tomcat 7 earlier than 7.0.104\n\n### *Solution*:\nUpdate to the latest version \n[Tomcat 7 Software Downloads](<https://tomcat.apache.org/download-70.cgi>)\n\n### *Original advisories*:\n[Apache Tomcat 7.x vulnerabilities](<http://tomcat.apache.org/security-7.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apache Tomcat](<https://threats.kaspersky.com/en/product/Apache-Tomcat/>)\n\n### *CVE-IDS*:\n[CVE-2020-9484](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484>)0.0Unknown", "edition": 1, "modified": "2020-05-29T00:00:00", "published": "2020-05-16T00:00:00", "id": "KLA11784", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11784", "title": "\r KLA11784Security vulnerability in Apache Tomcat ", "type": "kaspersky", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-06-12T17:23:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "[0:6.0.24-115]\n- Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence", "edition": 1, "modified": "2020-06-12T00:00:00", "published": "2020-06-12T00:00:00", "id": "ELSA-2020-2529", "href": "http://linux.oracle.com/errata/ELSA-2020-2529.html", "title": "tomcat6 security update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-12T09:31:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "[0:7.0.76-12]\n- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence", "edition": 2, "modified": "2020-06-11T00:00:00", "published": "2020-06-11T00:00:00", "id": "ELSA-2020-2530", "href": "http://linux.oracle.com/errata/ELSA-2020-2530.html", "title": "tomcat security update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-07T06:45:25", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2019-17563"], "description": "[0:7.0.76-15]\n- Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n[0:7.0.76-14]\n- Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127\n- Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence\n[0:7.0.76-13]\n- Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127", "edition": 1, "modified": "2020-10-06T00:00:00", "published": "2020-10-06T00:00:00", "id": "ELSA-2020-4004", "href": "http://linux.oracle.com/errata/ELSA-2020-4004.html", "title": "tomcat security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "**Issue Overview:**\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. ([CVE-2020-9484 __](<https://access.redhat.com/security/cve/CVE-2020-9484>)) \n\n\n \n**Affected Packages:** \n\n\ntomcat8\n\n \n**Issue Correction:** \nRun _yum update tomcat8_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat8-8.5.56-1.84.amzn1.noarch \n tomcat8-docs-webapp-8.5.56-1.84.amzn1.noarch \n tomcat8-webapps-8.5.56-1.84.amzn1.noarch \n tomcat8-log4j-8.5.56-1.84.amzn1.noarch \n tomcat8-lib-8.5.56-1.84.amzn1.noarch \n tomcat8-el-3.0-api-8.5.56-1.84.amzn1.noarch \n tomcat8-servlet-3.1-api-8.5.56-1.84.amzn1.noarch \n tomcat8-javadoc-8.5.56-1.84.amzn1.noarch \n tomcat8-admin-webapps-8.5.56-1.84.amzn1.noarch \n tomcat8-jsp-2.3-api-8.5.56-1.84.amzn1.noarch \n \n src: \n tomcat8-8.5.56-1.84.amzn1.src \n \n \n", "edition": 3, "modified": "2020-06-23T06:47:00", "published": "2020-06-23T06:47:00", "id": "ALAS-2020-1390", "href": "https://alas.aws.amazon.com/ALAS-2020-1390.html", "title": "Important: tomcat8", "type": "amazon", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:25", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "**Issue Overview:**\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. ([CVE-2020-9484 __](<https://access.redhat.com/security/cve/CVE-2020-9484>))\n\n \n**Affected Packages:** \n\n\ntomcat\n\n \n**Issue Correction:** \nRun _yum update tomcat_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat-7.0.76-10.amzn2.0.2.noarch \n tomcat-admin-webapps-7.0.76-10.amzn2.0.2.noarch \n tomcat-docs-webapp-7.0.76-10.amzn2.0.2.noarch \n tomcat-javadoc-7.0.76-10.amzn2.0.2.noarch \n tomcat-jsvc-7.0.76-10.amzn2.0.2.noarch \n tomcat-jsp-2.2-api-7.0.76-10.amzn2.0.2.noarch \n tomcat-lib-7.0.76-10.amzn2.0.2.noarch \n tomcat-servlet-3.0-api-7.0.76-10.amzn2.0.2.noarch \n tomcat-el-2.2-api-7.0.76-10.amzn2.0.2.noarch \n tomcat-webapps-7.0.76-10.amzn2.0.2.noarch \n \n src: \n tomcat-7.0.76-10.amzn2.0.2.src \n \n \n", "edition": 1, "modified": "2020-06-26T22:56:00", "published": "2020-06-26T22:56:00", "id": "ALAS2-2020-1449", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1449.html", "title": "Important: tomcat", "type": "amazon", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "**Issue Overview:**\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. ([CVE-2020-9484 __](<https://access.redhat.com/security/cve/CVE-2020-9484>)) \n\n\n \n**Affected Packages:** \n\n\ntomcat7\n\n \n**Issue Correction:** \nRun _yum update tomcat7_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat7-jsp-2.2-api-7.0.104-1.38.amzn1.noarch \n tomcat7-log4j-7.0.104-1.38.amzn1.noarch \n tomcat7-webapps-7.0.104-1.38.amzn1.noarch \n tomcat7-javadoc-7.0.104-1.38.amzn1.noarch \n tomcat7-lib-7.0.104-1.38.amzn1.noarch \n tomcat7-admin-webapps-7.0.104-1.38.amzn1.noarch \n tomcat7-docs-webapp-7.0.104-1.38.amzn1.noarch \n tomcat7-7.0.104-1.38.amzn1.noarch \n tomcat7-el-2.2-api-7.0.104-1.38.amzn1.noarch \n tomcat7-servlet-3.0-api-7.0.104-1.38.amzn1.noarch \n \n src: \n tomcat7-7.0.104-1.38.amzn1.src \n \n \n", "edition": 3, "modified": "2020-06-23T06:45:00", "published": "2020-06-23T06:45:00", "id": "ALAS-2020-1389", "href": "https://alas.aws.amazon.com/ALAS-2020-1389.html", "title": "Important: tomcat7", "type": "amazon", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Arch Linux Security Advisory ASA-202006-7\n=========================================\n\nSeverity: High\nDate : 2020-06-06\nCVE-ID : CVE-2020-9484\nPackage : tomcat9\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1171\n\nSummary\n=======\n\nThe package tomcat9 before version 9.0.35-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 9.0.35-1.\n\n# pacman -Syu \"tomcat9>=9.0.35-1\"\n\nThe problem has been fixed upstream in version 9.0.35.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to\n9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able\nto control the contents and name of a file on the server; and b) the\nserver is configured to use the PersistenceManager with a FileStore;\nand c) the PersistenceManager is configured with\nsessionAttributeValueClassNameFilter=\"null\" (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control.\n\nNote that all of conditions a) to d) must be true for the attack to\nsucceed.\n\nImpact\n======\n\nA remote attacker can execute code on the affected host if they control\nthe file content and know the path.\n\nReferences\n==========\n\nhttps://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\nhttps://security.archlinux.org/CVE-2020-9484", "modified": "2020-06-06T00:00:00", "published": "2020-06-06T00:00:00", "id": "ASA-202006-7", "href": "https://security.archlinux.org/ASA-202006-7", "type": "archlinux", "title": "[ASA-202006-7] tomcat9: arbitrary code execution", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Arch Linux Security Advisory ASA-202006-6\n=========================================\n\nSeverity: High\nDate : 2020-06-06\nCVE-ID : CVE-2020-9484\nPackage : tomcat7\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1169\n\nSummary\n=======\n\nThe package tomcat7 before version 7.0.104-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 7.0.104-1.\n\n# pacman -Syu \"tomcat7>=7.0.104-1\"\n\nThe problem has been fixed upstream in version 7.0.104.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to\n9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able\nto control the contents and name of a file on the server; and b) the\nserver is configured to use the PersistenceManager with a FileStore;\nand c) the PersistenceManager is configured with\nsessionAttributeValueClassNameFilter=\"null\" (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control.\n\nNote that all of conditions a) to d) must be true for the attack to\nsucceed.\n\nImpact\n======\n\nA remote attacker can execute code on the affected host if they control\nthe file content and know the path.\n\nReferences\n==========\n\nhttps://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\nhttps://security.archlinux.org/CVE-2020-9484", "modified": "2020-06-06T00:00:00", "published": "2020-06-06T00:00:00", "id": "ASA-202006-6", "href": "https://security.archlinux.org/ASA-202006-6", "type": "archlinux", "title": "[ASA-202006-6] tomcat7: arbitrary code execution", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Arch Linux Security Advisory ASA-202006-5\n=========================================\n\nSeverity: High\nDate : 2020-06-06\nCVE-ID : CVE-2020-9484\nPackage : tomcat8\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1170\n\nSummary\n=======\n\nThe package tomcat8 before version 8.5.55-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 8.5.55-1.\n\n# pacman -Syu \"tomcat8>=8.5.55-1\"\n\nThe problem has been fixed upstream in version 8.5.55.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to\n9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if: a) an attacker is able\nto control the contents and name of a file on the server; and b) the\nserver is configured to use the PersistenceManager with a FileStore;\nand c) the PersistenceManager is configured with\nsessionAttributeValueClassNameFilter=\"null\" (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control.\n\nNote that all of conditions a) to d) must be true for the attack to\nsucceed.\n\nImpact\n======\n\nA remote attacker can execute code on the affected host if they control\nthe file content and know the path.\n\nReferences\n==========\n\nhttps://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\nhttps://security.archlinux.org/CVE-2020-9484", "modified": "2020-06-06T00:00:00", "published": "2020-06-06T00:00:00", "id": "ASA-202006-5", "href": "https://security.archlinux.org/ASA-202006-5", "type": "archlinux", "title": "[ASA-202006-5] tomcat8: arbitrary code execution", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-06-12T01:25:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "**CentOS Errata and Security Advisory** CESA-2020:2530\n\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-June/035755.html\n\n**Affected packages:**\ntomcat\ntomcat-admin-webapps\ntomcat-docs-webapp\ntomcat-el-2.2-api\ntomcat-javadoc\ntomcat-jsp-2.2-api\ntomcat-jsvc\ntomcat-lib\ntomcat-servlet-3.0-api\ntomcat-webapps\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-06-11T21:13:08", "published": "2020-06-11T21:13:08", "id": "CESA-2020:2530", "href": "http://lists.centos.org/pipermail/centos-announce/2020-June/035755.html", "title": "tomcat security update", "type": "centos", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2020-06-23T01:22:02", "published": "2020-06-23T01:22:02", "id": "FEDORA:F12FB31404B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: tomcat-9.0.36-1.fc32", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. ", "modified": "2020-06-23T01:14:05", "published": "2020-06-23T01:14:05", "id": "FEDORA:4788E309FF20", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: tomcat-9.0.36-1.fc31", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-06-11T09:53:30", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-11T13:37:57", "published": "2020-06-11T13:36:48", "id": "RHSA-2020:2529", "href": "https://access.redhat.com/errata/RHSA-2020:2529", "type": "redhat", "title": "(RHSA-2020:2529) Important: tomcat6 security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T15:51:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-10T19:00:49", "published": "2020-06-10T19:00:02", "id": "RHSA-2020:2487", "href": "https://access.redhat.com/errata/RHSA-2020:2487", "type": "redhat", "title": "(RHSA-2020:2487) Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-11T09:52:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-11T13:13:35", "published": "2020-06-11T12:51:20", "id": "RHSA-2020:2530", "href": "https://access.redhat.com/errata/RHSA-2020:2530", "type": "redhat", "title": "(RHSA-2020:2530) Important: tomcat security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T17:51:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-10T20:20:49", "published": "2020-06-10T20:09:35", "id": "RHSA-2020:2506", "href": "https://access.redhat.com/errata/RHSA-2020:2506", "type": "redhat", "title": "(RHSA-2020:2506) Important: Red Hat JBoss Web Server 5.3.1 security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T15:52:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-10T18:44:43", "published": "2020-06-10T18:34:04", "id": "RHSA-2020:2483", "href": "https://access.redhat.com/errata/RHSA-2020:2483", "type": "redhat", "title": "(RHSA-2020:2483) Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T17:53:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.3.1 serves as a replacement for Red Hat JBoss Web Server 5.3.0, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat Remote Code Execution via session persistence (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-06-10T21:01:48", "published": "2020-06-10T21:01:08", "id": "RHSA-2020:2509", "href": "https://access.redhat.com/errata/RHSA-2020:2509", "type": "redhat", "title": "(RHSA-2020:2509) Important: Red Hat JBoss Web Server 5.3.1 security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-27T14:05:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1714", "CVE-2020-9484"], "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.1.15 serves as a replacement for Red Hat support for Spring Boot 2.1.13, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)\n\n* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-07-27T17:05:38", "published": "2020-07-27T17:05:02", "id": "RHSA-2020:3017", "href": "https://access.redhat.com/errata/RHSA-2020:3017", "type": "redhat", "title": "(RHSA-2020:3017) Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:05:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "Package : tomcat7\nVersion : 7.0.56-3+really7.0.100-1+deb8u1\nCVE ID : CVE-2020-9484\nDebian Bug : #961209\n\nIt was discovered that there was a potential remote code execution\nvia deserialization in tomcat7, a server for HTTP and Java &quot;servlets&quot;.\n\nFor Debian 8 &quot;Jessie&quot;, this issue has been fixed in tomcat7 version\n7.0.56-3+really7.0.100-1+deb8u1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nRegards,\n\n- -- \n ,&#x27;&#x27;`.\n : :&#x27; : Chris Lamb\n `. `&#x27;` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 8, "modified": "2020-05-23T17:28:16", "published": "2020-05-23T17:28:16", "id": "DEBIAN:DLA-2217-1:0ED90", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202005/msg00020.html", "title": "[SECURITY] [DLA 2217-1] tomcat7 security update", "type": "debian", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-02T01:23:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2020-11996"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2279-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nJuly 12, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : tomcat8\nVersion : 8.5.54-0+deb9u2\nCVE ID : CVE-2020-9484 CVE-2020-11996\nDebian Bug : 961209\n\nSeveral security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\n\nCVE-2020-9484\n\n When using Apache Tomcat and an attacker is able to control the\n contents and name of a file on the server; and b) the server is\n configured to use the PersistenceManager with a FileStore; and c)\n the PersistenceManager is configured with\n sessionAttributeValueClassNameFilter=&quot;null&quot; (the default unless a\n SecurityManager is used) or a sufficiently lax filter to allow the\n attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by\n FileStore to the file the attacker has control over; then, using a\n specifically crafted request, the attacker will be able to trigger\n remote code execution via deserialization of the file under their\n control. Note that all of conditions a) to d) must be true for the\n attack to succeed.\n\n\nCVE-2020-11996\n\n A specially crafted sequence of HTTP/2 requests sent to Apache\n Tomcat could trigger high CPU usage for several seconds. If a\n sufficient number of such requests were made on concurrent HTTP/2\n connections, the server could become unresponsive.\n\nFor Debian 9 stretch, these problems have been fixed in version\n8.5.54-0+deb9u2.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFor the detailed security status of tomcat8 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat8\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-07-12T21:11:51", "published": "2020-07-12T21:11:51", "id": "DEBIAN:DLA-2279-1:771F3", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00010.html", "title": "[SECURITY] [DLA 2279-1] tomcat8 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:05:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996", "CVE-2020-13934"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4727-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 17, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935\n\nSeveral vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in code execution or denial of service.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2.\n\nWe recommend that you upgrade your tomcat9 packages.\n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2020-07-17T18:08:00", "published": "2020-07-17T18:08:00", "id": "DEBIAN:DSA-4627-1:1B266", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00133.html", "title": "[SECURITY] [DSA 4627-1] tomcat9 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T01:10:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2019-17563", "CVE-2020-1938", "CVE-2020-1935"], "description": "Package : tomcat8\nVersion : 8.0.14-1+deb8u17\nCVE ID : CVE-2019-17563 CVE-2020-1935 CVE-2020-1938\n CVE-2020-9484\nDebian Bug : 961209 952436 952437 952438\n\n\nSeveral security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nWARNING: The fix for CVE-2020-1938 may disrupt services that rely on a\nworking AJP configuration. The option secretRequired defaults to true\nnow. You should define a secret in your server.xml or you can revert\nback by setting secretRequired to false.\n\n\nCVE-2019-17563\n\n When using FORM authentication with Apache Tomcat there was a narrow\n window where an attacker could perform a session fixation attack.\n The window was considered too narrow for an exploit to be practical\n but, erring on the side of caution, this issue has been treated as a\n security vulnerability.\n\nCVE-2020-1935\n\n In Apache Tomcat the HTTP header parsing code used an approach to\n end-of-line parsing that allowed some invalid HTTP headers to be\n parsed as valid. This led to a possibility of HTTP Request Smuggling\n if Tomcat was located behind a reverse proxy that incorrectly\n handled the invalid Transfer-Encoding header in a particular manner.\n Such a reverse proxy is considered unlikely.\n\nCVE-2020-1938\n\n When using the Apache JServ Protocol (AJP), care must be taken when\n trusting incoming connections to Apache Tomcat. Tomcat treats AJP\n connections as having higher trust than, for example, a similar HTTP\n connection. If such connections are available to an attacker, they\n can be exploited in ways that may be surprising. Previously Tomcat\n shipped with an AJP Connector enabled by default that listened on\n all configured IP addresses. It was expected (and recommended in the\n security guide) that this Connector would be disabled if not\n required.\n .\n Note that Debian already disabled the AJP connector by default.\n Mitigation is only required if the AJP port was made accessible to\n untrusted users.\n\nCVE-2020-9484\n\n When using Apache Tomcat and an attacker is able to control the\n contents and name of a file on the server; and b) the server is\n configured to use the PersistenceManager with a FileStore; and c)\n the PersistenceManager is configured with\n sessionAttributeValueClassNameFilter=&quot;null&quot; (the default unless a\n SecurityManager is used) or a sufficiently lax filter to allow the\n attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by\n FileStore to the file the attacker has control over; then, using a\n specifically crafted request, the attacker will be able to trigger\n remote code execution via deserialization of the file under their\n control. Note that all of conditions a) to d) must be true for the\n attack to succeed.\n\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n8.0.14-1+deb8u17.\n\nWe recommend that you upgrade your tomcat8 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2020-05-28T17:54:05", "published": "2020-05-28T17:54:05", "id": "DEBIAN:DLA-2209-1:84C77", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202005/msg00026.html", "title": "[SECURITY] [DLA 2209-1] tomcat8 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-10T17:56:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "Apache Tomcat is prone to a remote code execution vulnerability.", "modified": "2020-06-09T00:00:00", "published": "2020-05-25T00:00:00", "id": "OPENVAS:1361412562310143964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143964", "type": "openvas", "title": "Apache Tomcat RCE Vulnerability - May20 (Windows)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143964\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-25 09:17:17 +0000 (Mon, 25 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2020-9484\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat RCE Vulnerability - May20 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a remote code execution vulnerability.\");\n\n script_tag(name:\"insight\", value:\"If:\n\n - an attacker is able to control the contents and name of a file on the server and\n\n - the server is configured to use the PersistenceManager with a FileStore and\n\n - the PersistenceManager is configured with sessionAttributeValueClassNameFilter='null' (the default unless a\n SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be\n deserialized and\n\n - the attacker knows the relative file path from the storage location used by FileStore to the file the\n attacker has control over\n\n then, using a specifically crafted request, the attacker will be able to trigger remote code execution via\n deserialization of the file under their control. Note that all of conditions must be true for the attack to\n succeed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.0 to 7.0.103, 8.5.0 to 8.5.54, 9.0.0.M1 to 9.0.34 and\n 10.0.0-M1 to 10.0.0-M4.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.104, 8.5.55, 9.0.35, 10.0.0-M5 or later.\");\n\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"7.0.0\", test_version2: \"7.0.103\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.0.104\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.54\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.55\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.34\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.35\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"10.0.0.M1\") >= 0) && (revcomp(a: version, b: \"10.0.0.M4\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.0.0-M5\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T17:56:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "Apache Tomcat is prone to a remote code execution vulnerability.", "modified": "2020-06-09T00:00:00", "published": "2020-05-25T00:00:00", "id": "OPENVAS:1361412562310143963", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143963", "type": "openvas", "title": "Apache Tomcat RCE Vulnerability - May20 (Linux)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143963\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-25 09:00:31 +0000 (Mon, 25 May 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2020-9484\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache Tomcat RCE Vulnerability - May20 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Apache Tomcat is prone to a remote code execution vulnerability.\");\n\n script_tag(name:\"insight\", value:\"If:\n\n - an attacker is able to control the contents and name of a file on the server and\n\n - the server is configured to use the PersistenceManager with a FileStore and\n\n - the PersistenceManager is configured with sessionAttributeValueClassNameFilter='null' (the default unless a\n SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be\n deserialized and\n\n - the attacker knows the relative file path from the storage location used by FileStore to the file the\n attacker has control over\n\n then, using a specifically crafted request, the attacker will be able to trigger remote code execution via\n deserialization of the file under their control. Note that all of conditions must be true for the attack to\n succeed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat 7.0.0 to 7.0.103, 8.5.0 to 8.5.54, 9.0.0.M1 to 9.0.34 and\n 10.0.0-M1 to 10.0.0-M4.\");\n\n script_tag(name:\"solution\", value:\"Update to version 7.0.104, 8.5.55, 9.0.35, 10.0.0-M5 or later.\");\n\n script_xref(name:\"URL\", value:\"https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (isnull(port = get_app_port(cpe: CPE)))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif (version_in_range(version: version, test_version: \"7.0.0\", test_version2: \"7.0.103\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"7.0.104\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"8.5.0\", test_version2: \"8.5.54\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"8.5.55\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"9.0.0.M1\") >= 0) && (revcomp(a: version, b: \"9.0.34\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.0.35\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nif ((revcomp(a: version, b: \"10.0.0.M1\") >= 0) && (revcomp(a: version, b: \"10.0.0.M4\") <= 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"10.0.0-M5\", install_path: location);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-25T13:44:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310877967", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877967", "type": "openvas", "title": "Fedora: Security Advisory for tomcat (FEDORA-2020-d9169235a8)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877967\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:19:27 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for tomcat (FEDORA-2020-d9169235a8)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-d9169235a8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the FEDORA-2020-d9169235a8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tomcat is the servlet container that is used in the official Reference\nImplementation for the Java Servlet and JavaServer Pages technologies.\nThe Java Servlet and JavaServer Pages specifications are developed by\nSun under the Java Community Process.\n\nTomcat is developed in an open and participatory environment and\nreleased under the Apache Software License version 2.0. Tomcat is intended\nto be a collaboration of the best-of-breed developers from around the world.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.36~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T17:25:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2020-05-25T00:00:00", "id": "OPENVAS:1361412562310853179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853179", "type": "openvas", "title": "openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0711-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853179\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-25 03:00:48 +0000 (Mon, 25 May 2020)\");\n script_name(\"openSUSE: Security Advisory for tomcat (openSUSE-SU-2020:0711-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0711-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the openSUSE-SU-2020:0711-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tomcat fixes the following issues:\n\n * CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via\n session persistence\n\n If an attacker was able to control the contents and name of a file on a\n server configured to use the PersistenceManager, then the attacker could\n have triggered a remote code execution via deserialization of the file\n under their control.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-711=1\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-3_0-api\", rpm:\"tomcat-el-3_0-api~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-embed\", rpm:\"tomcat-embed~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2_3-api\", rpm:\"tomcat-jsp-2_3-api~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-4_0-api\", rpm:\"tomcat-servlet-4_0-api~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~9.0.35~lp151.3.18.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-15T15:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "The remote host is missing an update for the ", "modified": "2020-06-12T00:00:00", "published": "2020-06-12T00:00:00", "id": "OPENVAS:1361412562310883252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883252", "type": "openvas", "title": "CentOS: Security Advisory for tomcat (CESA-2020:2530)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883252\");\n script_version(\"2020-06-12T07:11:22+0000\");\n script_cve_id(\"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 07:11:22 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-12 03:01:12 +0000 (Fri, 12 Jun 2020)\");\n script_name(\"CentOS: Security Advisory for tomcat (CESA-2020:2530)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2020:2530\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-June/035755.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the CESA-2020:2530 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nSecurity Fix(es):\n\n * tomcat: deserialization flaw in session persistence storage leading to\nRCE (CVE-2020-9484)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-docs-webapp\", rpm:\"tomcat-docs-webapp~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-javadoc\", rpm:\"tomcat-javadoc~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsvc\", rpm:\"tomcat-jsvc~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~12.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-25T13:49:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-23T00:00:00", "id": "OPENVAS:1361412562310877995", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877995", "type": "openvas", "title": "Fedora: Security Advisory for tomcat (FEDORA-2020-ce396e7d5c)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877995\");\n script_version(\"2020-06-24T03:42:18+0000\");\n script_cve_id(\"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 03:42:18 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-23 03:20:38 +0000 (Tue, 23 Jun 2020)\");\n script_name(\"Fedora: Security Advisory for tomcat (FEDORA-2020-ce396e7d5c)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-ce396e7d5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat'\n package(s) announced via the FEDORA-2020-ce396e7d5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tomcat is the servlet container that is used in the official Reference\nImplementation for the Java Servlet and JavaServer Pages technologies.\nThe Java Servlet and JavaServer Pages specifications are developed by\nSun under the Java Community Process.\n\nTomcat is developed in an open and participatory environment and\nreleased under the Apache Software License version 2.0. Tomcat is intended\nto be a collaboration of the best-of-breed developers from around the world.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~9.0.36~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-10T17:57:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "description": "The remote host is missing an update for the ", "modified": "2020-06-09T00:00:00", "published": "2020-05-24T00:00:00", "id": "OPENVAS:1361412562310892217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892217", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat7 (DLA-2217-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892217\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-24 03:00:07 +0000 (Sun, 24 May 2020)\");\n script_name(\"Debian LTS: Security Advisory for tomcat7 (DLA-2217-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2217-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/961209\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat7'\n package(s) announced via the DLA-2217-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there was a potential remote code execution\nvia deserialization in tomcat7, a server for HTTP and Java 'servlets'.\");\n\n script_tag(name:\"affected\", value:\"'tomcat7' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in tomcat7 version\n7.0.56-3+really7.0.100-1+deb8u1.\n\nWe recommend that you upgrade your tomcat7 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.0-java-doc\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat7-java\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-admin\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-common\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-docs\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-examples\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat7-user\", ver:\"7.0.56-3+really7.0.100-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:05:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484", "CVE-2020-11996"], "description": "The remote host is missing an update for the ", "modified": "2020-07-17T00:00:00", "published": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310892279", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892279", "type": "openvas", "title": "Debian LTS: Security Advisory for tomcat8 (DLA-2279-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892279\");\n script_version(\"2020-07-17T12:33:41+0000\");\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 12:33:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-17 12:33:41 +0000 (Fri, 17 Jul 2020)\");\n script_name(\"Debian LTS: Security Advisory for tomcat8 (DLA-2279-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2279-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/961209\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat8'\n package(s) announced via the DLA-2279-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine.\n\nCVE-2020-9484\n\nWhen using Apache Tomcat and an attacker is able to control the\ncontents and name of a file on the server, and b) the server is\nconfigured to use the PersistenceManager with a FileStore, and c)\nthe PersistenceManager is configured with\nsessionAttributeValueClassNameFilter='null' (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized, and d) the attacker\nknows the relative file path from the storage location used by\nFileStore to the file the attacker has control over, then, using a\nspecifically crafted request, the attacker will be able to trigger\nremote code execution via deserialization of the file under their\ncontrol. Note that all of conditions a) to d) must be true for the\nattack to succeed.\n\nCVE-2020-11996\n\nA specially crafted sequence of HTTP/2 requests sent to Apache\nTomcat could trigger high CPU usage for several seconds. If a\nsufficient number of such requests were made on concurrent HTTP/2\nconnections, the server could become unresponsive.\");\n\n script_tag(name:\"affected\", value:\"'tomcat8' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 9 stretch, these problems have been fixed in version\n8.5.54-0+deb9u2.\n\nWe recommend that you upgrade your tomcat8 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libservlet3.1-java-doc\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-embed-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat8-java\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-admin\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-common\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-docs\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-examples\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat8-user\", ver:\"8.5.54-0+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-17T15:46:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12418", "CVE-2020-9484", "CVE-2019-17563", "CVE-2020-1938"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-16T00:00:00", "published": "2020-06-16T00:00:00", "id": "OPENVAS:1361412562311220201645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201645", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1645)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1645\");\n script_version(\"2020-06-16T05:47:52+0000\");\n script_cve_id(\"CVE-2019-12418\", \"CVE-2019-17563\", \"CVE-2020-1938\", \"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-16 05:47:52 +0000 (Tue, 16 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-16 05:47:52 +0000 (Tue, 16 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1645)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1645\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1645\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2020-1645 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.(CVE-2020-1938)\n\nWhen using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.(CVE-2019-17563)\n\nWhen Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.(CVE-2019-12418)\n\nWhen using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an a ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.76~8.h8\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:07:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996", "CVE-2020-13934"], "description": "The remote host is missing an update for the ", "modified": "2020-07-19T00:00:00", "published": "2020-07-19T00:00:00", "id": "OPENVAS:1361412562310704727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704727", "type": "openvas", "title": "Debian: Security Advisory for tomcat9 (DSA-4727-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704727\");\n script_version(\"2020-07-19T03:00:13+0000\");\n script_cve_id(\"CVE-2020-11996\", \"CVE-2020-13934\", \"CVE-2020-13935\", \"CVE-2020-9484\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-19 03:00:13 +0000 (Sun, 19 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-19 03:00:13 +0000 (Sun, 19 Jul 2020)\");\n script_name(\"Debian: Security Advisory for tomcat9 (DSA-4727-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4727.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4727-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat9'\n package(s) announced via the DSA-4727-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the Tomcat servlet and JSP\nengine, which could result in code execution or denial of service.\");\n\n script_tag(name:\"affected\", value:\"'tomcat9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), these problems have been fixed in\nversion 9.0.31-1~deb10u2.\n\nWe recommend that you upgrade your tomcat9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-embed-java\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtomcat9-java\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-admin\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-common\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-docs\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-examples\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tomcat9-user\", ver:\"9.0.31-1~deb10u2\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-09-14T17:30:47", "description": "From Red Hat Security Advisory 2020:2530 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2530 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 6, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-12T00:00:00", "title": "Oracle Linux 7 : tomcat (ELSA-2020-2530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-06-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tomcat-javadoc", "p-cpe:/a:oracle:linux:tomcat-jsvc", "p-cpe:/a:oracle:linux:tomcat-el-2.2-api", "p-cpe:/a:oracle:linux:tomcat", "p-cpe:/a:oracle:linux:tomcat-docs-webapp", "p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api", "p-cpe:/a:oracle:linux:tomcat-admin-webapps", "p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api", "p-cpe:/a:oracle:linux:tomcat-lib", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:tomcat-webapps"], "id": "ORACLELINUX_ELSA-2020-2530.NASL", "href": "https://www.tenable.com/plugins/nessus/137387", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2530 and \n# Oracle Linux Security Advisory ELSA-2020-2530 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137387);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"RHSA\", value:\"2020:2530\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n\n script_name(english:\"Oracle Linux 7 : tomcat (ELSA-2020-2530)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2530 :\n\nThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2530 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010048.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010050.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-12.el7_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T17:30:46", "description": "From Red Hat Security Advisory 2020:2529 :\n\nThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2529 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "title": "Oracle Linux 6 : tomcat6 (ELSA-2020-2529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-06-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:oracle:linux:tomcat6-lib", "p-cpe:/a:oracle:linux:tomcat6-el-2.1-api", "p-cpe:/a:oracle:linux:tomcat6-webapps", "p-cpe:/a:oracle:linux:tomcat6-admin-webapps", "p-cpe:/a:oracle:linux:tomcat6-javadoc", "p-cpe:/a:oracle:linux:tomcat6", "p-cpe:/a:oracle:linux:tomcat6-docs-webapp", "p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api"], "id": "ORACLELINUX_ELSA-2020-2529.NASL", "href": "https://www.tenable.com/plugins/nessus/137530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2529 and \n# Oracle Linux Security Advisory ELSA-2020-2529 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137530);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"RHSA\", value:\"2020:2529\");\n\n script_name(english:\"Oracle Linux 6 : tomcat6 (ELSA-2020-2529)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:2529 :\n\nThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2529 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-June/010053.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-admin-webapps-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-docs-webapp-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-el-2.1-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-javadoc-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-lib-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tomcat6-webapps-6.0.24-115.el6_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T06:01:38", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2529 advisory.\n\n - tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-11T00:00:00", "title": "RHEL 6 : tomcat6 (RHSA-2020:2529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-06-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6::client", "cpe:/o:redhat:enterprise_linux:6::workstation", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6::computenode", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "cpe:/o:redhat:enterprise_linux:6::server"], "id": "REDHAT-RHSA-2020-2529.NASL", "href": "https://www.tenable.com/plugins/nessus/137359", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2529. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137359);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"RHSA\", value:\"2020:2529\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2020:2529)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2529 advisory.\n\n - tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1838332\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(502);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2529');\n}\n\npkgs = [\n {'reference':'tomcat6-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-admin-webapps-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-docs-webapp-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-el-2.1-api-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-javadoc-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-jsp-2.1-api-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-lib-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-servlet-2.5-api-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']},\n {'reference':'tomcat6-webapps-6.0.24-115.el6_10', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc');\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:09:30", "description": "The version of Tomcat installed on the remote host is prior to\n7.0.104. It is, therefore, affected by a remote code execution\nvulnerability as referenced in the fixed_in_apache_tomcat_7.0.104_security-7\nadvisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.", "edition": 6, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-22T00:00:00", "title": "Apache Tomcat 7.0.0 < 7.0.104 Remote Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-05-22T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_104.NASL", "href": "https://www.tenable.com/plugins/nessus/136770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136770);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n\n script_name(english:\"Apache Tomcat 7.0.0 < 7.0.104 Remote Code Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to\n7.0.104. It is, therefore, affected by a remote code execution\nvulnerability as referenced in the fixed_in_apache_tomcat_7.0.104_security-7\nadvisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d383947b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 7.0.104 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '7.0.104', min:'7.0.0', severity:SECURITY_WARNING, granularity_regex: \"^7(\\.0)?$\");\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:15:07", "description": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to\n9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able\nto control the contents and name of a file on the server; and b) the\nserver is configured to use the PersistenceManager with a FileStore;\nand c) the PersistenceManager is configured with\nsessionAttributeValueClassNameFilter='null' (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control. Note\nthat all of conditions a) to d) must be true for the attack to\nsucceed. (CVE-2020-9484)", "edition": 4, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-02T00:00:00", "title": "Amazon Linux AMI : tomcat7 (ALAS-2020-1389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-07-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1389.NASL", "href": "https://www.tenable.com/plugins/nessus/138060", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1389.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138060);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"ALAS\", value:\"2020-1389\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2020-1389)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to\n9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able\nto control the contents and name of a file on the server; and b) the\nserver is configured to use the PersistenceManager with a FileStore;\nand c) the PersistenceManager is configured with\nsessionAttributeValueClassNameFilter='null' (the default unless a\nSecurityManager is used) or a sufficiently lax filter to allow the\nattacker provided object to be deserialized; and d) the attacker knows\nthe relative file path from the storage location used by FileStore to\nthe file the attacker has control over; then, using a specifically\ncrafted request, the attacker will be able to trigger remote code\nexecution via deserialization of the file under their control. Note\nthat all of conditions a) to d) must be true for the attack to\nsucceed. (CVE-2020-9484)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1389.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.104-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.104-1.38.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:42:34", "description": "It was discovered that there was a potential remote code execution via\ndeserialization in tomcat7, a server for HTTP and Java 'servlets'.\n\nFor Debian 8 'Jessie', this issue has been fixed in tomcat7 version\n7.0.56-3+really7.0.100-1+deb8u1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 7, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-26T00:00:00", "title": "Debian DLA-2217-1 : tomcat7 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-05-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc"], "id": "DEBIAN_DLA-2217.NASL", "href": "https://www.tenable.com/plugins/nessus/136833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2217-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136833);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n\n script_name(english:\"Debian DLA-2217-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that there was a potential remote code execution via\ndeserialization in tomcat7, a server for HTTP and Java 'servlets'.\n\nFor Debian 8 'Jessie', this issue has been fixed in tomcat7 version\n7.0.56-3+really7.0.100-1+deb8u1.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libtomcat7-java\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-admin\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-common\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-docs\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-examples\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"tomcat7-user\", reference:\"7.0.56-3+really7.0.100-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:09:35", "description": "The version of Tomcat installed on the remote host is prior to\n9.0.35. It is, therefore, affected by a remote code execution\nvulnerability as referenced in the fixed_in_apache_tomcat_9.0.35_security-9\nadvisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.", "edition": 7, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-22T00:00:00", "title": "Apache Tomcat 9.0.0 < 9.0.35 Remote Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-05-22T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_35.NASL", "href": "https://www.tenable.com/plugins/nessus/136806", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136806);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/14\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n\n script_name(english:\"Apache Tomcat 9.0.0 < 9.0.35 Remote Code Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a remote code execution vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to\n9.0.35. It is, therefore, affected by a remote code execution\nvulnerability as referenced in the fixed_in_apache_tomcat_9.0.35_security-9\nadvisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c58824c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.35 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '9.0.35', min:'9.0.0', severity:SECURITY_WARNING, granularity_regex: \"^9(\\.0)?$\");\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:24:03", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2530 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-12T00:00:00", "title": "CentOS 7 : tomcat (CESA-2020:2530)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-06-12T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-webapps", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-admin-webapps"], "id": "CENTOS_RHSA-2020-2530.NASL", "href": "https://www.tenable.com/plugins/nessus/137370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:2530 and \n# CentOS Errata and Security Advisory 2020:2530 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137370);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-9484\");\n script_xref(name:\"RHSA\", value:\"2020:2530\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2020:2530)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2530 advisory.\n\n - tomcat: deserialization flaw in session persistence\n storage leading to RCE (CVE-2020-9484)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2020-June/035755.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89ba2d94\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.76-12.el7_8\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.76-12.el7_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-14T12:46:54", "description": "* tomcat: deserialization flaw in session persistence storage leading\nto RCE (CVE-2020-9484)", "edition": 3, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-17T00:00:00", "title": "Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20200611)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-06-17T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:tomcat6", "p-cpe:/a:fermilab:scientific_linux:tomcat6-lib", "p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps", "p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api", "p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp", "p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc", "p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api"], "id": "SL_20200611_TOMCAT6_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/137533", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137533);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-9484\");\n\n script_name(english:\"Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20200611)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"* tomcat: deserialization flaw in session persistence storage leading\nto RCE (CVE-2020-9484)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=5665\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06f76a18\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-admin-webapps-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-docs-webapp-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-el-2.1-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-javadoc-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-lib-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-115.el6_10\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tomcat6-webapps-6.0.24-115.el6_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:05:59", "description": "According to the version of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - When using Apache Tomcat versions 10.0.0-M1 to\n 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and\n 7.0.0 to 7.0.103 if a) an attacker is able to control\n the contents and name of a file on the server and b)\n the server is configured to use the PersistenceManager\n with a FileStore and c) the PersistenceManager is\n configured with\n sessionAttributeValueClassNameFilter='null' (the\n default unless a SecurityManager is used) or a\n sufficiently lax filter to allow the attacker provided\n object to be deserialized and d) the attacker knows the\n relative file path from the storage location used by\n FileStore to the file the attacker has control over\n then, using a specifically crafted request, the\n attacker will be able to trigger remote code execution\n via deserialization of the file under their control.\n Note that all of conditions a) to d) must be true for\n the attack to succeed.(CVE-2020-9484)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-02T00:00:00", "title": "EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1932)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9484"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-webapps", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1932.NASL", "href": "https://www.tenable.com/plugins/nessus/140153", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140153);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-9484\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1932)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - When using Apache Tomcat versions 10.0.0-M1 to\n 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and\n 7.0.0 to 7.0.103 if a) an attacker is able to control\n the contents and name of a file on the server and b)\n the server is configured to use the PersistenceManager\n with a FileStore and c) the PersistenceManager is\n configured with\n sessionAttributeValueClassNameFilter='null' (the\n default unless a SecurityManager is used) or a\n sufficiently lax filter to allow the attacker provided\n object to be deserialized and d) the attacker knows the\n relative file path from the storage location used by\n FileStore to the file the attacker has control over\n then, using a specifically crafted request, the\n attacker will be able to trigger remote code execution\n via deserialization of the file under their control.\n Note that all of conditions a) to d) must be true for\n the attack to succeed.(CVE-2020-9484)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1932\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dec2854\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-admin-webapps-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-el-2.2-api-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-jsp-2.2-api-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-lib-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-servlet-3.0-api-7.0.76-8.h11.eulerosv2r7\",\n \"tomcat-webapps-7.0.76-8.h11.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-06-15T19:22:55", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "### Background\n\nApache Tomcat is a Servlet-3.0/JSP-2.2 Container.\n\n### Description\n\nApache Tomcat improperly handles deserialization of files under specific circumstances. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache Tomcat 7.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-7.0.104\"\n \n\nAll Apache Tomcat 8.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-8.5.55\"", "edition": 1, "modified": "2020-06-15T00:00:00", "published": "2020-06-15T00:00:00", "id": "GLSA-202006-21", "href": "https://security.gentoo.org/glsa/202006-21", "title": "Apache Tomcat: Remote code execution", "type": "gentoo", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-05-25T05:10:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "This update for tomcat fixes the following issues:\n\n - Update to Tomcat 9.0.35. See changelog at\n <a rel=\"nofollow\" href=\"http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_\">http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_</a>(markt\n )\n\n * CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via\n session persistence\n\n If an attacker was able to control the contents and name of a file on a\n server configured to use the PersistenceManager, then the attacker could\n have triggered a remote code execution via deserialization of the file\n under their control.\n\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-05-25T03:13:58", "published": "2020-05-25T03:13:58", "id": "OPENSUSE-SU-2020:0711-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html", "title": "Security update for tomcat (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2020-06-05T11:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484"], "description": "\nThe Apache Software Foundation reports:\nUnder certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control\n", "edition": 2, "modified": "2020-05-12T00:00:00", "published": "2020-05-12T00:00:00", "id": "676CA486-9C1E-11EA-8B5E-B42E99A1B9C3", "href": "https://vuxml.freebsd.org/freebsd/676ca486-9c1e-11ea-8b5e-b42e99a1b9c3.html", "title": "Apache Tomcat Remote Code Execution via session persistence", "type": "freebsd", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2021-01-09T01:27:14", "bulletinFamily": "software", "cvelist": ["CVE-2020-9484"], "description": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.", "edition": 4, "modified": "2021-01-08T21:27:42", "published": "2020-05-21T18:52:29", "id": "GHSA-344F-F5VG-2JFJ", "href": "https://github.com/advisories/GHSA-344f-f5vg-2jfj", "title": "Potential remote code execution in Apache Tomcat", "type": "github", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-08-04T23:42:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-1935"], "description": "It was discovered that Tomcat incorrectly validated the payload length in \na WebSocket frame. A remote attacker could possibly use this issue to cause \nTomcat to hang, resulting in a denial of service. (CVE-2020-13935)\n\nIt was discovered that Tomcat incorrectly handled HTTP header parsing. In \ncertain environments where Tomcat is located behind a reverse proxy, a \nremote attacker could possibly use this issue to perform HTTP Reqest \nSmuggling. (CVE-2020-1935)\n\nIt was discovered that Tomcat incorrectly handled certain uncommon \nPersistenceManager with FileStore configurations. A remote attacker could \npossibly use this issue to execute arbitrary code. (CVE-2020-9484)", "edition": 1, "modified": "2020-08-04T00:00:00", "published": "2020-08-04T00:00:00", "id": "USN-4448-1", "href": "https://ubuntu.com/security/notices/USN-4448-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-10-21T19:21:12", "bulletinFamily": "unix", "cvelist": ["CVE-2020-9484", "CVE-2020-13935", "CVE-2020-11996", "CVE-2020-13934"], "description": "It was discovered that Tomcat did not properly manage HTTP/2 streams. An \nattacker could possibly use this to cause Tomcat to consume resources, \nresulting in a denial of service. (CVE-2020-11996)\n\nIt was discovered that Tomcat did not properly release the HTTP/1.1 \nprocessor after the upgrade to HTTP/2. An attacker could possibly use this \nto generate an OutOfMemoryException, resulting in a denial of service. \n(CVE-2020-13934)\n\nIt was discovered that Tomcat did not properly validate the payload length \nin a WebSocket frame. An attacker could possibly use this to trigger an \ninfinite loop, resulting in a denial of service. (CVE-2020-13935)\n\nIt was discovered that Tomcat did not properly deserialize untrusted data. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2020-9484)", "edition": 1, "modified": "2020-10-21T00:00:00", "published": "2020-10-21T00:00:00", "id": "USN-4596-1", "href": "https://ubuntu.com/security/notices/USN-4596-1", "title": "Tomcat vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oracle": [{"lastseen": "2020-12-24T15:41:17", "bulletinFamily": "software", "cvelist": ["CVE-2015-7501", "CVE-2015-8607", "CVE-2015-8608", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3183", "CVE-2016-4000", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5017", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8332", "CVE-2016-8610", "CVE-2016-9112", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-0861", "CVE-2017-10140", "CVE-2017-12610", "CVE-2017-12626", "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-15265", "CVE-2017-15708", "CVE-2017-5637", "CVE-2017-5645", "CVE-2018-1000004", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-10675", "CVE-2018-10872", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11776", "CVE-2018-1199", "CVE-2018-12015", "CVE-2018-12023", "CVE-2018-12207", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1288", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17190", "CVE-2018-17196", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-6616", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913", "CVE-2018-7566", "CVE-2018-8012", "CVE-2018-8013", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0188", "CVE-2019-0201", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14862", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-16056", "CVE-2019-16335", "CVE-2019-16935", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17560", "CVE-2019-17561", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-19956", "CVE-2019-20330", "CVE-2019-20388", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-5489", "CVE-2019-8457", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14527", "CVE-2020-14528", "CVE-2020-14529", "CVE-2020-14530", "CVE-2020-14531", "CVE-2020-14532", "CVE-2020-14533", "CVE-2020-14534", "CVE-2020-14535", "CVE-2020-14536", "CVE-2020-14537", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14541", "CVE-2020-14542", "CVE-2020-14543", "CVE-2020-14544", "CVE-2020-14545", "CVE-2020-14546", "CVE-2020-14547", "CVE-2020-14548", "CVE-2020-14549", "CVE-2020-14550", "CVE-2020-14551", "CVE-2020-14552", "CVE-2020-14553", "CVE-2020-14554", "CVE-2020-14555", "CVE-2020-14556", "CVE-2020-14557", "CVE-2020-14558", "CVE-2020-14559", "CVE-2020-14560", "CVE-2020-14561", "CVE-2020-14562", "CVE-2020-14563", "CVE-2020-14564", "CVE-2020-14565", "CVE-2020-14566", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14569", "CVE-2020-14570", "CVE-2020-14571", "CVE-2020-14572", "CVE-2020-14573", "CVE-2020-14574", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14580", "CVE-2020-14581", "CVE-2020-14582", "CVE-2020-14583", "CVE-2020-14584", "CVE-2020-14585", "CVE-2020-14586", "CVE-2020-14587", "CVE-2020-14588", "CVE-2020-14589", "CVE-2020-14590", "CVE-2020-14591", "CVE-2020-14592", "CVE-2020-14593", "CVE-2020-14594", "CVE-2020-14595", "CVE-2020-14596", "CVE-2020-14597", "CVE-2020-14598", "CVE-2020-14599", "CVE-2020-14600", "CVE-2020-14601", "CVE-2020-14602", "CVE-2020-14603", "CVE-2020-14604", "CVE-2020-14605", "CVE-2020-14606", "CVE-2020-14607", "CVE-2020-14608", "CVE-2020-14609", "CVE-2020-14610", "CVE-2020-14611", "CVE-2020-14612", "CVE-2020-14613", "CVE-2020-14614", "CVE-2020-14615", "CVE-2020-14616", "CVE-2020-14617", "CVE-2020-14618", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14621", "CVE-2020-14622", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14625", "CVE-2020-14626", "CVE-2020-14627", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14630", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14635", "CVE-2020-14636", "CVE-2020-14637", "CVE-2020-14638", "CVE-2020-14639", "CVE-2020-14640", "CVE-2020-14641", "CVE-2020-14642", "CVE-2020-14643", "CVE-2020-14644", "CVE-2020-14645", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14651", "CVE-2020-14652", "CVE-2020-14653", "CVE-2020-14654", "CVE-2020-14655", "CVE-2020-14656", "CVE-2020-14657", "CVE-2020-14658", "CVE-2020-14659", "CVE-2020-14660", "CVE-2020-14661", "CVE-2020-14662", "CVE-2020-14663", "CVE-2020-14664", "CVE-2020-14665", "CVE-2020-14666", "CVE-2020-14667", "CVE-2020-14668", "CVE-2020-14669", "CVE-2020-14670", "CVE-2020-14671", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14678", "CVE-2020-14679", "CVE-2020-14680", "CVE-2020-14681", "CVE-2020-14682", "CVE-2020-14684", "CVE-2020-14685", "CVE-2020-14686", "CVE-2020-14687", "CVE-2020-14688", "CVE-2020-14690", "CVE-2020-14691", "CVE-2020-14692", "CVE-2020-14693", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14696", "CVE-2020-14697", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14701", "CVE-2020-14702", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14705", "CVE-2020-14706", "CVE-2020-14707", "CVE-2020-14708", "CVE-2020-14709", "CVE-2020-14710", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-14716", "CVE-2020-14717", "CVE-2020-14718", "CVE-2020-14719", "CVE-2020-14720", "CVE-2020-14721", "CVE-2020-14722", "CVE-2020-14723", "CVE-2020-14724", "CVE-2020-14725", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1967", "CVE-2020-2513", "CVE-2020-2555", "CVE-2020-2562", "CVE-2020-2966", "CVE-2020-2967", "CVE-2020-2968", "CVE-2020-2969", "CVE-2020-2971", "CVE-2020-2972", "CVE-2020-2973", "CVE-2020-2974", "CVE-2020-2975", "CVE-2020-2976", "CVE-2020-2977", "CVE-2020-2978", "CVE-2020-2981", "CVE-2020-2982", "CVE-2020-2983", "CVE-2020-2984", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-6851", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7595", "CVE-2020-8112", "CVE-2020-8172", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 444 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2684313.1>).\n", "modified": "2020-12-01T00:00:00", "published": "2020-07-14T00:00:00", "id": "ORACLE:CPUJUL2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T15:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", "CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", "CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "modified": "2020-12-08T00:00:00", "published": "2020-10-20T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}