Remote Code Execution (RCE)

🗓️ 02 Mar 2021 07:51:38Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 48 Views

tomcat9 remote code execution vulnerabilit

Reporter	Title	Published	Views	Family All 476
GithubExploit	Exploit for CVE-2020-1938	29 Nov 202508:31	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	21 May 202000:41	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	1 Mar 202111:16	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	5 Jun 202020:40	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	26 Jan 202122:51	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	5 Sep 202013:56	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	14 Nov 202214:48	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	10 Feb 202116:27	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	11 Feb 202215:45	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	16 Sep 202418:17	–	githubexploit

Vulners

Node

tomcat9 tomcat9Match9.0.40-1debian

AND

debian debian_linuxMatch999

tomcat8 tomcat8Match8.5.38-2~bpo9+1debian

AND

tomcat8 tomcat8Match8.5.54-0+deb9u1debian

AND

debian debian_linuxMatch9

tomcat9 tomcat9Match9.0.31-1~deb10u2debian

AND

tomcat9 tomcat9Match9.0.31-1~deb10u3debian

AND

debian debian_linuxMatch10

focal focalMatch9.0.31-1ubuntu0.1debian

AND

debian debian_linux

google bionicMatch9.0.16-3ubuntu0.18.04.1debian

AND

debian debian_linux

apache tomcatMatch7.0.54_2.ael7b_1

apache tomcatMatch7.0.76_10.el7_7

apache tomcatMatch7.0.76_12.el7_8

apache tomcatMatch7.0.76_15.el7

apache tomcatMatch7.0.76_7.el7_5

apache tomcatMatch7.0.76_8.el7_5

apache tomcatMatch7.0.76_11.el7_7

apache tomcatMatch7.0.76_9.el7_6

apache tomcatMatch7.0.76_16.el7_9

apache tomcatMatch7.0.76_9.el7

pki-servlet-engine pki-servlet-engineMatch9.0.30_1.module_el8.3.0+454+67dccca4

pki-servlet-engine pki-servlet-engineMatch9.0.30_1.module_el8.4.0+595+e59c9af2

pki-servlet-engine pki-servlet-engineMatch9.0.7_16.module_el8.1.0+233+b2be703e

pki-servlet-engine pki-servlet-engineMatch9.0.7_16.module_el8.2.0+315+896aef55

jws5-mod_cluster jws5-mod_clusterMatch1.4.0_8.final_redhat_1.1.el7jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.1_1.final_redhat_00001.2.el7jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.0_9.final_redhat_1.1.el7jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.1_1.final_redhat_00001.2.el8jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.2_7.final_redhat_00002.2.el8jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.0_9.final_redhat_1.1.el8jws

jws5-mod_cluster jws5-mod_clusterMatch1.4.2_7.final_redhat_00002.2.el7jws

jws5-ecj jws5-ecjMatch4.12.0_1.redhat_1.1.el8jws

jws5-ecj jws5-ecjMatch4.6.1_6.redhat_1.1.el8jws

jws5-ecj jws5-ecjMatch4.6.1_6.redhat_1.1.el7jws

jws5-ecj jws5-ecjMatch4.12.0_1.redhat_1.1.el7jws

jws5-ecj jws5-ecjMatch4.6.1_5.redhat_1.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.36_6.redhat_5.2.el7jws

jws5-tomcat jws5-tomcatMatch9.0.30_3.redhat_4.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.7_20.redhat_17.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.7_10.redhat_10.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.30_5.redhat_6.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.30_5.redhat_6.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.36_9.redhat_8.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.30_4.redhat_5.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.36_9.redhat_8.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.30_3.redhat_4.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.21_10.redhat_4.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.36_6.redhat_5.2.el8jws

jws5-tomcat jws5-tomcatMatch9.0.30_4.redhat_5.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.7_17.redhat_16.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.7_12.redhat_12.1.el7jws

jws5-tomcat jws5-tomcatMatch9.0.21_10.redhat_4.1.el8jws

jws5-tomcat jws5-tomcatMatch9.0.7_22.redhat_19.1.el7jws

tomcat6 tomcat6Match6.0.24_114.el6_10

tomcat6 tomcat6Match6.0.41_5_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.24_111.el6_9

tomcat6 tomcat6Match6.0.24_64.el6_5

tomcat6 tomcat6Match6.0.24_55.el6_4

tomcat6 tomcat6Match6.0.41_10_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.24_45.el6

tomcat6 tomcat6Match6.0.35_33_patch_07.ep6.el6

tomcat6 tomcat6Match6.0.41_8_patch_02.ep6.el6

tomcat6 tomcat6Match6.0.24_105.el6_8

tomcat6 tomcat6Match6.0.24_33.el6

tomcat6 tomcat6Match6.0.32_35_patch_09.ep5.el6

tomcat6 tomcat6Match6.0.37_10_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.24_35.el6_1

tomcat6 tomcat6Match6.0.24_36.el6_2

tomcat6 tomcat6Match6.0.37_27_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.32_31_patch_08.ep5.el6

tomcat6 tomcat6Match6.0.24_52.el6_4

tomcat6 tomcat6Match6.0.32_14_patch_03.ep5.el6

tomcat6 tomcat6Match6.0.24_95.el6

tomcat6 tomcat6Match6.0.24_94.el6_7

tomcat6 tomcat6Match6.0.24_15.el6

tomcat6 tomcat6Match6.0.24_24.el6_0

tomcat6 tomcat6Match6.0.37_29_patch_05.ep6.el6

tomcat6 tomcat6Match6.0.24_80.el6

tomcat6 tomcat6Match6.0.24_83.el6_6

tomcat6 tomcat6Match6.0.24_48.el6_3

tomcat6 tomcat6Match6.0.35_24_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.41_15_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.35_29_patch_06.ep6.el6

tomcat6 tomcat6Match6.0.41_19_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.24_78.el6_5

tomcat6 tomcat6Match6.0.24_90.el6

tomcat6 tomcat6Match6.0.24_98.el6_8

tomcat6 tomcat6Match6.0.32_24_patch_07.ep5.el6

tomcat6 tomcat6Match6.0.24_72.el6_5

tomcat6 tomcat6Match6.0.24_49.el6

tomcat6 tomcat6Match6.0.35_25_patch_01.ep6.el6

tomcat6 tomcat6Match6.0.41_17_patch_04.ep6.el6

tomcat6 tomcat6Match6.0.24_57.el6_4

tomcat6 tomcat6Match6.0.24_62.el6

tomcat6 tomcat6Match6.0.24_115.el6_10

jws5-tomcat-vault jws5-tomcat-vaultMatch1.1.7_3.final_redhat_1.1.el7jws

jws5-tomcat-vault jws5-tomcat-vaultMatch1.1.8_1.final_redhat_1.1.el7jws

jws5-tomcat-vault jws5-tomcat-vaultMatch1.1.8_1.final_redhat_1.1.el8jws

jws5-tomcat-vault jws5-tomcat-vaultMatch1.1.7_5.final_redhat_2.1.el8jws

jws5-tomcat-vault jws5-tomcat-vaultMatch1.1.7_5.final_redhat_2.1.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_3.redhat_3.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_2.redhat_2.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.21_34.redhat_34.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.23_4.redhat_4.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.17_28.redhat_28.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.23_4.redhat_4.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_2.redhat_2.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.23_5.redhat_5.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.21_34.redhat_34.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.17_26.redhat_26.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_4.redhat_4.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.17_20.redhat_20.el7jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_3.redhat_3.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.23_5.redhat_5.el8jws

jws5-tomcat-native jws5-tomcat-nativeMatch1.2.25_4.redhat_4.el7jws

Source	Link
lists	www.lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2021/03/msg00018.html
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-25329
debian	www.debian.org/security/2021/dsa-4891
security	www.security.gentoo.org/glsa/202208-34
security	www.security.netapp.com/advisory/ntap-20210409-0002/
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
oracle	www.oracle.com//security-alerts/cpujul2021.html

07 Nov 2023 23:03Current

2.4Low risk

Vulners AI Score2.4

CVSS 24.4

CVSS 3.17

EPSS0.56636