Source: tomcat9
Version: 9.0.34-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.0.31-1~deb10u1
Control: found -1 9.0.16-4

Hi,

The following vulnerability was published for tomcat9.

CVE-2020-9484[0]:
| When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to
| 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able
| to control the contents and name of a file on the server; and b) the
| server is configured to use the PersistenceManager with a FileStore;
| and c) the PersistenceManager is configured with
| sessionAttributeValueClassNameFilter="null" (the default unless a
| SecurityManager is used) or a sufficiently lax filter to allow the
| attacker provided object to be deserialized; and d) the attacker knows
| the relative file path from the storage location used by FileStore to
| the file the attacker has control over; then, using a specifically
| crafted request, the attacker will be able to trigger remote code
| execution via deserialization of the file under their control. Note
| that all of conditions a) to d) must be true for the attack to
| succeed.

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-9484
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
[1] https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35

Regards,
Salvatore
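The conditions b) and c) quoted above correspond to a concrete Tomcat context configuration. The fragment below is an added illustration, not part of this bug report nor of Tomcat's or Debian's own files: it shows the weak PersistentManager/FileStore setup beside a hardened one that sets sessionAttributeValueClassNameFilter explicitly. The storage directory, the context file location and the com.example.app.session package are assumed placeholders; the filter syntax (a regular expression matched against the fully qualified class name of each session attribute value) is Tomcat's documented attribute.

```xml
<!-- Added example, not from the bug report or the Tomcat project.
     Assumed: a per-application context file (META-INF/context.xml or
     conf/Catalina/localhost/<app>.xml) and the directory
     /var/lib/tomcat9/sessions as the FileStore location. -->

<!-- WEAK: PersistentManager + FileStore with no value-class filter.
     sessionAttributeValueClassNameFilter is null by default when no
     SecurityManager is in use, so any serializable class on the
     classpath can be deserialized from a session file (condition c). -->
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager"
           maxIdleBackup="60">
    <Store className="org.apache.catalina.session.FileStore"
           directory="/var/lib/tomcat9/sessions"/>
  </Manager>
</Context>

<!-- HARDENED: same persistence, but only the listed classes may be
     written to or read back from the store. java.lang.* wrappers are the
     values Tomcat itself permits under a SecurityManager; the
     com.example.app.session package is an assumed placeholder for the
     application's own session attribute types. This narrows condition c;
     it does not replace upgrading to 9.0.35 ([1]) or keeping the sessions
     directory unwritable by the web application (conditions a and d). -->
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager"
           maxIdleBackup="60"
           sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|com\.example\.app\.session\.\w+">
    <Store className="org.apache.catalina.session.FileStore"
           directory="/var/lib/tomcat9/sessions"/>
  </Manager>
</Context>
```

Attribute values whose class does not match the filter are skipped when the session is persisted and when it is loaded, so after tightening the filter check the Tomcat log for the resulting warnings and add any legitimate application classes to the expression rather than loosening it to a wildcard.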