CVE-2020-9484

🗓️ 20 May 2020 23:25:22Reported by redhat.comType

A deserialization flaw in Apache Tomcat's FileStore can lead to Remote Code Execution, threatening data confidentiality, integrity, and system availability. Mitigation involves configuring PersistenceManager with sessionAttributeValueClassNameFilter

Reporter	Title	Published	Views	Family All 366
GithubExploit	Exploit for CVE-2020-1938	29 Nov 202508:31	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	21 May 202000:41	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	1 Mar 202111:16	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	5 Jun 202020:40	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	26 Jan 202122:51	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	5 Sep 202013:56	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	14 Nov 202214:48	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	10 Feb 202116:27	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	11 Feb 202215:45	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	16 Sep 202418:17	–	githubexploit

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-9484
mail-archives	www.mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E
tomcat	www.tomcat.apache.org/security-10.html
tomcat	www.tomcat.apache.org/security-7.html
tomcat	www.tomcat.apache.org/security-8.html
tomcat	www.tomcat.apache.org/security-9.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Apr 2024 01:53Current

7.6High risk

Vulners AI Score7.6

EPSS0.93464