26 matches found
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...
Fixed in Apache Tomcat 7.0.104
High: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 8.5.55
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 9.0.35
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
Fixed in Apache Tomcat 10.0.0-M5
Important: Remote Code Execution via session persistence CVE-2020-9484 If: an attacker is able to control the contents and name of a file on the server; and the server is configured to use the PersistenceManager with a FileStore; and the PersistenceManager is configured with...
PT-2020-3309
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 10.0.0-M1 through 10.0.0-M4 Apache Tomcat versions 9.0.0.M1 through 9.0.34 Apache Tomcat versions 8.5.0 through 8.5.54 Apache Tomcat versions 7.0.0 through 7.0.103 Description The issue is related to the deserialization ...