123 matches found
MiracleLinux 4 : tomcat6-6.0.24-115.AXS4 (AXSA:2020-136:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-136:02 advisory. tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Tenable has extracted the preceding description block directly from t...
MiracleLinux 7 : tomcat-7.0.76-12.el7 (AXSA:2020-138:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-138:02 advisory. tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Tenable has extracted the preceding description block directly from t...
EUVD-2021-0677
Malware in sbrugna...
EUVD-2022-0937
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-9484
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 with interactive mode and args Designed speci...
USN-6943-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS CVE-2020-9484 It was discovered that Tomcat...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...
Ubuntu: Security Advisory (USN-6908-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-6908-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6908-1 advisory. It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly...
RHEL 8 : jbossweb (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Note that Nessus has not...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: request mixup CVE-2022-25762 - When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 ...
BIT-TOMCAT-2021-25329 Incomplete fix for CVE-2020-9484
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously...
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-008)
The version of tomcat installed on the remote host is prior to 8.5.56-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-008 advisory. A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can...
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT8.5-2023-009 (ALASTOMCAT8.5-2023-009)
The version of tomcat installed on the remote host is prior to 8.5.63-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-009 advisory. A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate...
Updated tomcat packages fix security vulnerability
Information disclosure due to concurrency bug CVE-2021-43980 Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability CVE-2022-23181 Correct documentation to warn of use over untrusted networks. CVE-2022-29885 Correct documentation showing use of XSS vulnerability. CVE-2022-343...
K03121171: Apache Tomcat vulnerability CVE-2020-9484
Security Advisory Description When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a...
Amazon Linux 2022 : tomcat9 (ALAS2022-2022-233)
The version of tomcat9 installed on the remote host is prior to 9.0.64-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-233 advisory. - The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8,...
Debian DSA-5265-1 : tomcat9 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5265 advisory. - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the...
Amazon Linux 2022 : tomcat, tomcat-admin-webapps, tomcat-el-3.0-api (ALAS2022-2022-044)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-044 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a...