Details of VAR-202005-1052

ID

VAR-202005-1052

CVE

CVE-2020-9484

TITLE

Apache Tomcat Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

DESCRIPTION

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. The program implements support for Servlet and JavaServer Page (JSP). The following products and versions are affected: Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to Version 7.0.103. A deserialization flaw exists in Apache Tomcat's use of a FileStore. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-9484) The fix for CVE-2020-9484 was incomplete. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329). For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u2. We recommend that you upgrade your tomcat9 packages. For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BwACgkQEMKTtsN8 TjbUrw//fOLw1bfjQwHr4fug5xgGtIjccQvMgZ6r4jVWDNUWGns/n0HBIg7IFANW 1LTBXunNygapGke96Cexs/mimcs47wr9Xj6B9R7935NgF7dbXiDPhX99fmMSu4qE mpt9GmynGSOqr2qt+bHMZSIrZ2rpT/WoDbmnVvK0h30Il7VZ2pMEbzq7gd7sfsbO 0FbQr9kza5d5kvih7DLfq/7plhLouyUhzAab3UUJvI1B3ASD4pfEFDSmBJusHJGG 2CTtrO8IFUyYW0ev4/I2KT6rrFiXccEtFhUlpU09SLpy96FP161UVoHILkPHhfqI 9XILKEf0mKVlDfq5q2TOY5WVl8palc5o/Z3xefO4/wZc7/qNNnyzwcNHl6s14czv REID8Llfbro3/XWHkwLXPNFr1VzYXZSX1XhTwKWPWaH+L5WsUSr5uryqIUvSQ96L tTWv3G7KZDwVlio1XJ1t7ZxMkKqEBjvucShFgaOIw1nVD1IrssMKMz9UJQCd4fH5 RtUakyBzUuPbAhUcunMj23n2slZ9WbCANIGKy56O6R71rYI9mYOG2nF2IuUct/F2 iG3/SLJCe2ghVx2Lgz8/nBhZfPEF5FZ2kPHb9KpjjyZ+vl8ZXH83heaYDlDAknXS bTsyFezxJiAwaa9xozjItZPdIBFP9lG8Txmv1AotH7WV/8dRsOU= =E8Ei -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6943-1 August 01, 2024 tomcat8, tomcat9 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Tomcat. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2020-9484) It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-25122) Thomas Wozenilek discovered that Tomcat incorrectly handled certain TLS packets. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected tomcat8 for Ubuntu 18.04 LTS (CVE-2021-41079) Trung Pham discovered that a race condition existed in Tomcat when handling session files with FileStore. A remote attacker could possibly use this issue to execute arbitrary code. This issue affected tomcat8 for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS (CVE-2022-23181) It was discovered that Tomcat's documentation incorrectly stated that EncryptInterceptor provided availability protection when running over an untrusted network. A remote attacker could possibly use this issue to cause a denial of service even if EncryptInterceptor was being used. This issue affected tomcat8 for Ubuntu 18.04 LTS, and tomcat9 for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS (CVE-2022-29885) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS tomcat9-docs 9.0.58-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libtomcat9-java 9.0.31-1ubuntu0.6 tomcat9 9.0.31-1ubuntu0.6 tomcat9-docs 9.0.31-1ubuntu0.6 Ubuntu 18.04 LTS libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro libtomcat9-java 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat8 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat8-docs 8.5.39-1ubuntu1~18.04.3+esm2 Available with Ubuntu Pro tomcat9 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro tomcat9-docs 9.0.16-3ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS libtomcat8-java 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro tomcat8 8.0.32-1ubuntu1.13+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 9 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat6 security update Advisory ID: RHSA-2020:2529-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2529 Issue date: 2020-06-11 CVE Names: CVE-2020-9484 ==================================================================== 1. Summary: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): noarch: tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: tomcat6-6.0.24-115.el6_10.src.rpm noarch: tomcat6-6.0.24-115.el6_10.noarch.rpm tomcat6-el-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-115.el6_10.noarch.rpm tomcat6-lib-6.0.24-115.el6_10.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-115.el6_10.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): noarch: tomcat6-admin-webapps-6.0.24-115.el6_10.noarch.rpm tomcat6-docs-webapp-6.0.24-115.el6_10.noarch.rpm tomcat6-javadoc-6.0.24-115.el6_10.noarch.rpm tomcat6-webapps-6.0.24-115.el6_10.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuIAOtzjgjWX9erEAQircxAAiJgOBZ2LET65r7XgAUP0MKNR8/ftKZkx VCnUU/yGylYEi5x7PODw8u/wGpmgbaC6rOfsHOETf/SEeUII2CgBUrK4A84/+ySc hxxUZJYJju5F2GcUsneictfVRJhdgehZuD/1Xa8M+x39TwAOqEH6U6+lKjZjCZCE oGLm8zXXePN21rsuF342CsI1/Z0ecCbYZgsIbvNksmtFWkqAsoprJNOJX7mz8QSd wd/mo85aWcL3e3EO9hClLD6wsX4UiiEn6zkuWgtucgqhaX8DnCwRh6aRHvHZBUtO TC+F2gmxl6jqFqK3Yy9Q7VYY5Cf7eeePzDgIVdPOuNuxNQh1y6QIPe+rt1WqNhaF +p+WgjB1GTRoUIQKQ3XwvI4zBypD01ZnZLUicUBMhenOBm8DfeYZ4UusMrJi3AVs rj7ElHVQtBT5S2SkF7RJGPcFV6/UY0XatHHZMZ19ugwiOED+uCpCO3EH/lQbAOLf Ei5Wb6a9uyNGfp/qFuHPzQzGlYr3EVwiv6EL0ME8tclXzV38LWEllQHAAkjGrYv/ xPDFbY4uvK9w26hQyqElycB4wJcn6c3i5D05TDUg92fE+TQ5O9nFlcDV3E+VafoZ sP45dVLPlUh307m/OhCgctbqLcnLef/mQJrUzwc3FR6/AI+R5WAekP47OEJd/Min JP21Ib3I3uM=oD9n -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2020-11996) It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. (CVE-2020-13934) It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. (CVE-2020-13935) It was discovered that Tomcat did not properly deserialize untrusted data

Trust: 1.89

sources: NVD: CVE-2020-9484 // VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // PACKETSTORM: 168857 // PACKETSTORM: 179893 // PACKETSTORM: 179696 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158050 // PACKETSTORM: 158761 // PACKETSTORM: 158034 // PACKETSTORM: 159666

AFFECTED PRODUCTS

vendor:	mcafee	model:	epolicy orchestrator	scope:	eq	version:	5.9.1	Trust: 1.0
vendor:	mcafee	model:	epolicy orchestrator	scope:	eq	version:	5.10.0	Trust: 1.0
vendor:	oracle	model:	communications cloud native core binding support function	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lt	version:	7.0.108	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	gte	version:	17.1	Trust: 1.0
vendor:	oracle	model:	agile engineering data management	scope:	eq	version:	6.2.1.0	Trust: 1.0
vendor:	oracle	model:	hospitality guest access	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	mcafee	model:	epolicy orchestrator	scope:	eq	version:	5.9.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	transportation management	scope:	eq	version:	6.3.7	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	21c	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.4.0.5	Trust: 1.0
vendor:	oracle	model:	workload manager	scope:	eq	version:	18c	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications instant messaging server	scope:	eq	version:	10.0.1.4.0	Trust: 1.0
vendor:	oracle	model:	fmw platform	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lt	version:	9.0.43	Trust: 1.0
vendor:	oracle	model:	fmw platform	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	siebel apps - marketing	scope:	lte	version:	21.9	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	workload manager	scope:	eq	version:	12.2.0.1	Trust: 1.0
vendor:	oracle	model:	workload manager	scope:	eq	version:	19c	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.6	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.5	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gte	version:	8.5.0	Trust: 1.0
vendor:	oracle	model:	hospitality guest access	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	oracle	model:	mysql enterprise monitor	scope:	lte	version:	8.0.21	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	gte	version:	9.0.1	Trust: 1.0
vendor:	oracle	model:	managed file transfer	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	managed file transfer	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	lte	version:	20.12	Trust: 1.0
vendor:	apache	model:	tomcat	scope:	lt	version:	8.5.63	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	12.2.0.1	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	lte	version:	17.3	Trust: 1.0
vendor:	oracle	model:	database	scope:	eq	version:	19c	Trust: 1.0

sources: NVD: CVE-2020-9484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9484
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202005-1078
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187609
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9484
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9484
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-187609
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9484
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

PROBLEMTYPE DATA

problemtype:

CWE-502

Trust: 1.1

sources: VULHUB: VHN-187609 // NVD: CVE-2020-9484

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1078

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-187609

PATCH

title:	Apache Tomcat Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=120592	Trust: 0.6
title:	Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202509 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: tomcat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202530 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server 5.3.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202506 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202487 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: tomcat6 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202529 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Web Server 3.1 Service Pack 9 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202483 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: tomcat9: CVE-2020-9484	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cc55062b1693f83a222063668ffd932c	Trust: 0.1
title:	Red Hat: Important: Red Hat support for Spring Boot 2.1.15 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203017 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1389	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1389	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1390	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1390	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202006-5] tomcat8: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-5	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1449	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1449	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202006-7] tomcat9: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-7	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202005-19] tomcat7: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-19	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1493	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1493	Trust: 0.1
title:	Amazon Linux 2: ALASTOMCAT8.5-2023-008	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASTOMCAT8.5-2023-008	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1491	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1491	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202005-18] tomcat9: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-18	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202006-6] tomcat7: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202006-6	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202005-20] tomcat8: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-20	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-9484 log	Trust: 0.1
title:	Debian Security Advisories: DSA-4727-1 tomcat9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=948379f644728cd78397969845b23817	Trust: 0.1
title:	Debian Security Advisories: DSA-5265-1 tomcat9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5ff46eee51fe9c568d7579825e9f7646	Trust: 0.1
title:	Ubuntu Security Notice: USN-5360-1: Tomcat vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5360-1	Trust: 0.1
title:	Amazon Linux 2: ALASTOMCAT8.5-2023-009	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASTOMCAT8.5-2023-009	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b4bdf241c7e678e09423e98e7d3134b8	Trust: 0.1
title:	IBM: Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=6625900b3dffe0c4351300480ad4824f	Trust: 0.1
title:	Red Hat: Important: Red Hat Fuse 7.11.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225532 - Security Advisory	Trust: 0.1
title:	https://github.com/osamahamad/CVE-2020-9484-Mass-Scan	url:	https://github.com/osamahamad/CVE-2020-9484-Mass-Scan	Trust: 0.1
title:	https://github.com/anjai94/CVE-2020-9484-exploit	url:	https://github.com/anjai94/CVE-2020-9484-exploit	Trust: 0.1
title:	CVE-2020-9484	url:	https://github.com/DXY0411/CVE-2020-9484	Trust: 0.1
title:	CVE-2020-9484	url:	https://github.com/AssassinUKG/CVE-2020-9484	Trust: 0.1
title:	summary	url:	https://github.com/Catbamboo/Catbamboo.github.io	Trust: 0.1

sources: VULMON: CVE-2020-9484 // CNNVD: CNNVD-202005-1078

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9484	Trust: 2.7
db:	MCAFEE	id:	SB10332	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2021/03/01/2	Trust: 1.7
db:	PACKETSTORM	id:	157924	Trust: 1.1
db:	PACKETSTORM	id:	158761	Trust: 0.8
db:	PACKETSTORM	id:	159666	Trust: 0.8
db:	PACKETSTORM	id:	158050	Trust: 0.8
db:	PACKETSTORM	id:	167841	Trust: 0.7
db:	PACKETSTORM	id:	158103	Trust: 0.7
db:	PACKETSTORM	id:	158621	Trust: 0.7
db:	CNNVD	id:	CNNVD-202005-1078	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2554	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0742	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0993	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0938	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2110	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2046	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1887	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2447	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3547	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3628	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1404	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1793	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2362	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2261	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1130	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2670	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2089	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2731	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1837	Trust: 0.6
db:	NSFOCUS	id:	46749	Trust: 0.6
db:	CS-HELP	id:	SB2022040522	Trust: 0.6
db:	CS-HELP	id:	SB2021072123	Trust: 0.6
db:	CS-HELP	id:	SB2021063003	Trust: 0.6
db:	CS-HELP	id:	SB2022030854	Trust: 0.6
db:	PACKETSTORM	id:	158029	Trust: 0.2
db:	PACKETSTORM	id:	158030	Trust: 0.2
db:	PACKETSTORM	id:	158034	Trust: 0.2
db:	PACKETSTORM	id:	158032	Trust: 0.1
db:	PACKETSTORM	id:	158049	Trust: 0.1
db:	SEEBUG	id:	SSVID-98234	Trust: 0.1
db:	CNVD	id:	CNVD-2020-34449	Trust: 0.1
db:	VULHUB	id:	VHN-187609	Trust: 0.1
db:	VULMON	id:	CVE-2020-9484	Trust: 0.1
db:	PACKETSTORM	id:	168857	Trust: 0.1
db:	PACKETSTORM	id:	179893	Trust: 0.1
db:	PACKETSTORM	id:	179696	Trust: 0.1

sources: VULHUB: VHN-187609 // VULMON: CVE-2020-9484 // PACKETSTORM: 168857 // PACKETSTORM: 179893 // PACKETSTORM: 179696 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158050 // PACKETSTORM: 158761 // PACKETSTORM: 158034 // PACKETSTORM: 159666 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

REFERENCES

url:	http://packetstormsecurity.com/files/157924/apache-tomcat-cve-2020-9484-proof-of-concept.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://security.netapp.com/advisory/ntap-20200528-0005/	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4727	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2020/jun/6	Trust: 1.7
url:	https://security.gentoo.org/glsa/202006-21	Trust: 1.7
url:	https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3cannounce.tomcat.apache.org%3e	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2021/03/01/2	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html	Trust: 1.7
url:	https://usn.ubuntu.com/4448-1/	Trust: 1.7
url:	https://usn.ubuntu.com/4596-1/	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10332	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9484	Trust: 1.5
url:	https://access.redhat.com/security/cve/cve-2020-9484	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3cdev.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cannounce.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3cdev.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3cdev.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3ccommits.tomee.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3cusers.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3cdev.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3cdev.tomcat.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wj7xhkwjwdnwxujh6ub7cliw4twoz26n/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/giqhxentlyunoes4lxvnj2ncuqqrf5vj/	Trust: 0.7
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cannounce.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3cdev.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3cdev.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cdev.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3cdev.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3cdev.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3cusers.tomcat.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3ccommits.tomee.apache.org%3e	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2021.0938	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3547/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3628/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2089/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2110/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2362/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158050/red-hat-security-advisory-2020-2529-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072123	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022040522	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2554/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2447/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1130	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-tomcat-vulnerabilities-affect-ibm-control-center/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1837/	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2261	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-tomcat-code-execution-via-persistencemanager-32313	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1887/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1404	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0993	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1793/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158621/red-hat-security-advisory-2020-3017-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2046/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2670/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0742	Trust: 0.6
url:	https://packetstormsecurity.com/files/158103/gentoo-linux-security-advisory-202006-21.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021063003	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2731	Trust: 0.6
url:	https://packetstormsecurity.com/files/158761/ubuntu-security-notice-usn-4448-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159666/ubuntu-security-notice-usn-4596-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030854	Trust: 0.6
url:	https://packetstormsecurity.com/files/167841/red-hat-security-advisory-2022-5532-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony-3/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13935	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11996	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13934	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10332	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/tomcat9	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6943-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29885	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41079	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25122	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.6	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-6908-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0221	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3.1/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2487	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=3.1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2483	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2529	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.13	Trust: 0.1
url:	https://usn.ubuntu.com/4448-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1935	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2509	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=5.3	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.3/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1	Trust: 0.1
url:	https://usn.ubuntu.com/4596-1	Trust: 0.1

sources: VULHUB: VHN-187609 // PACKETSTORM: 168857 // PACKETSTORM: 179893 // PACKETSTORM: 179696 // PACKETSTORM: 158030 // PACKETSTORM: 158029 // PACKETSTORM: 158050 // PACKETSTORM: 158761 // PACKETSTORM: 158034 // PACKETSTORM: 159666 // CNNVD: CNNVD-202005-1078 // NVD: CVE-2020-9484

CREDITS

Ubuntu

Trust: 1.0

sources: PACKETSTORM: 179893 // PACKETSTORM: 179696 // PACKETSTORM: 158761 // PACKETSTORM: 159666 // CNNVD: CNNVD-202005-1078

SOURCES

db:	VULHUB	id:	VHN-187609
db:	VULMON	id:	CVE-2020-9484
db:	PACKETSTORM	id:	168857
db:	PACKETSTORM	id:	179893
db:	PACKETSTORM	id:	179696
db:	PACKETSTORM	id:	158030
db:	PACKETSTORM	id:	158029
db:	PACKETSTORM	id:	158050
db:	PACKETSTORM	id:	158761
db:	PACKETSTORM	id:	158034
db:	PACKETSTORM	id:	159666
db:	CNNVD	id:	CNNVD-202005-1078
db:	NVD	id:	CVE-2020-9484

LAST UPDATE DATE

2025-11-28T20:39:21.587000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187609	date:	2022-07-25T00:00:00
db:	VULMON	id:	CVE-2020-9484	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202005-1078	date:	2023-07-20T00:00:00
db:	NVD	id:	CVE-2020-9484	date:	2024-11-21T05:40:44.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187609	date:	2020-05-20T00:00:00
db:	VULMON	id:	CVE-2020-9484	date:	2020-05-20T00:00:00
db:	PACKETSTORM	id:	168857	date:	2020-07-28T19:12:00
db:	PACKETSTORM	id:	179893	date:	2024-08-02T16:04:27
db:	PACKETSTORM	id:	179696	date:	2024-07-24T13:32:46
db:	PACKETSTORM	id:	158030	date:	2020-06-11T16:33:05
db:	PACKETSTORM	id:	158029	date:	2020-06-11T16:32:58
db:	PACKETSTORM	id:	158050	date:	2020-06-11T16:36:37
db:	PACKETSTORM	id:	158761	date:	2020-08-05T15:19:31
db:	PACKETSTORM	id:	158034	date:	2020-06-11T16:33:52
db:	PACKETSTORM	id:	159666	date:	2020-10-21T15:52:39
db:	CNNVD	id:	CNNVD-202005-1078	date:	2020-05-20T00:00:00
db:	NVD	id:	CVE-2020-9484	date:	2020-05-20T19:15:09.257