Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-004)

The version of tomcat installed on the remote host is prior to 8.5.75-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT8.5-2023-004 advisory. The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to...

Important: tomcat

Issue Overview: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomc...

Update Tomcat to version 8.5.75 to address CVE-2020-9484/CVE-2022-23181

h3. Issue Summary Update Tomcat to version 8.5.75 to address CVE-2020-9484/CVE-2022-23181. More information can be found here: https://nvd.nist.gov/vuln/detail/CVE-2022-23181 Taken from the page above: quote h3. CVE-2022-23181 Detail Current Description The fix for bug CVE-2020-9484 introduced a...

Apache Tomcat 8.5.55 < 8.5.75 Local Privilege Escalation

The version of Apache Tomcat installed on the remote host is 8.5.55 to 8.5.73, 9.0.35 to 9.0.56, 10.0.0-M5 to 10.0.14 or 10.1.0-M1 to 10.1.0-M8. It is, therefore, affected by a local privilege escalation vulnerability due to a time of check, time of use vulnerability. Note that the scanner has no...