CVE-2020-9484
Published at:
-
20-05-2020 09:15
Last modified:
-
25-07-2022 08:15
Total changes:
-
16
Description
Common Vulnerability Scoring System (CVSS)
High
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.0
Base score
1.0
5.9
Exploitability score
Impact score
Verification logic
Reference
- https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E
- [tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence-Mailing List, Mitigation, Patch, Third Party Advisory
- [debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update-Third Party Advisory
- [tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence-Third Party Advisory
- openSUSE-SU-2020:0711-Third Party Advisory
- [tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence-Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200528-0005/
- [debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update-Third Party Advisory
- 20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager-Mailing List, Third Party Advisory
- http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
- GLSA-202006-21-Third Party Advisory
- FEDORA-2020-ce396e7d5c-Mailing List, Third Party Advisory
- FEDORA-2020-d9169235a8-Mailing List, Third Party Advisory
- [tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-8.html xdocs/security-9.html-Mailing List, Patch, Vendor Advisory
- [debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2020.html
- DSA-4727-Third Party Advisory
- USN-4448-1-Third Party Advisory
- [tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)-Mailing List, Third Party Advisory
- [tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)-Mailing List, Patch, Third Party Advisory
- [tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)-Mailing List, Third Party Advisory
- [tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)-Mailing List, Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://www.oracle.com/security-alerts/cpuoct2020.html
- USN-4596-1-Third Party Advisory
- https://www.oracle.com/security-alerts/cpujan2021.html
- [tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-7.html xdocs/security-8.html xdocs/security-9.html-Exploit, Mailing List, Third Party Advisory
- [tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)-Mailing List, Third Party Advisory
- [tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)-Mailing List, Third Party Advisory
- [announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)-Mailing List, Third Party Advisory
- [tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)-Mailing List, Third Party Advisory
- [oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484-Mailing List, Third Party Advisory
- [tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)-Mailing List, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.html
- [tomcat-users] 20210701 What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5-Mailing List, Third Party Advisory
- [tomcat-users] 20210701 Re: What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5-Mailing List, Third Party Advisory
- [tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5-Mailing List, Third Party Advisory
- [tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-7.html xdocs/security-8.html xdocs/security-9.html-Mailing List, Patch, Third Party Advisory
- N/A-Patch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- N/A-
Keywords