Lucene search

[email protected]NVD:CVE-2021-25329

HistoryMar 01, 2021 - 12:15 p.m.

CVE-2021-25329

2021-03-0112:15:14

[email protected]

web.nvd.nist.gov

apache tomcat

incomplete fix

cve-2020-9484

configuration edge case

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.914

Percentile

99.0%

JSON

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Affected configurations

Nvd

Node

apachetomcatRange7.0.0–7.0.107

apachetomcatRange8.5.0–8.5.61

apachetomcatRange9.0.0–9.0.41

apachetomcatMatch9.0.0milestone1

apachetomcatMatch9.0.0milestone10

apachetomcatMatch9.0.0milestone11

apachetomcatMatch9.0.0milestone12

apachetomcatMatch9.0.0milestone13

apachetomcatMatch9.0.0milestone14

apachetomcatMatch9.0.0milestone15

apachetomcatMatch9.0.0milestone16

apachetomcatMatch9.0.0milestone17

apachetomcatMatch9.0.0milestone18

apachetomcatMatch9.0.0milestone19

apachetomcatMatch9.0.0milestone2

apachetomcatMatch9.0.0milestone20

apachetomcatMatch9.0.0milestone21

apachetomcatMatch9.0.0milestone22

apachetomcatMatch9.0.0milestone23

apachetomcatMatch9.0.0milestone24

apachetomcatMatch9.0.0milestone25

apachetomcatMatch9.0.0milestone26

apachetomcatMatch9.0.0milestone27

apachetomcatMatch9.0.0milestone3

apachetomcatMatch9.0.0milestone4

apachetomcatMatch9.0.0milestone5

apachetomcatMatch9.0.0milestone6

apachetomcatMatch9.0.0milestone7

apachetomcatMatch9.0.0milestone8

apachetomcatMatch9.0.0milestone9

apachetomcatMatch10.0.0-

apachetomcatMatch10.0.0milestone1

apachetomcatMatch10.0.0milestone10

apachetomcatMatch10.0.0milestone2

apachetomcatMatch10.0.0milestone3

apachetomcatMatch10.0.0milestone4

apachetomcatMatch10.0.0milestone5

apachetomcatMatch10.0.0milestone6

apachetomcatMatch10.0.0milestone7

apachetomcatMatch10.0.0milestone8

apachetomcatMatch10.0.0milestone9

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

oracleagile_plmMatch9.3.3

oracleagile_plmMatch9.3.6

oraclecommunications_cloud_native_core_policyMatch1.14.0

oraclecommunications_cloud_native_core_security_edge_protection_proxyMatch1.6.0

oraclecommunications_instant_messaging_serverMatch10.0.1.5.0

oracledatabaseMatch12.2.0.1enterprise

oracledatabaseMatch19centerprise

oracledatabaseMatch21centerprise

oraclegraph_server_and_clientRange<21.3.0

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oraclemanaged_file_transferMatch12.2.1.3.0

oraclemanaged_file_transferMatch12.2.1.4.0

oraclemysql_enterprise_monitorRange≤8.0.23

oraclesiebel_ui_frameworkRange<21.9

oraclesiebel_ui_frameworkMatch21.9

VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
apachetomcat9.0.0cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	*	cpe:2.3:a:apache:tomcat::::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
apache	tomcat	9.0.0	cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::