FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache Tomcat Remote Code Execution via session persistence

Affected packages
tomcat7 < 7.0.104
tomcat85 < 8.5.55
tomcat9 < 9.0.35
tomcat-devel < 10.0.0.M5

Details

VuXML ID 676ca486-9c1e-11ea-8b5e-b42e99a1b9c3
Discovery 2020-05-12
Entry 2020-05-22

The Apache Software Foundation reports:

Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control.

References

CVE Name CVE-2020-9484
URL http://tomcat.apache.org/security-10.html
URL http://tomcat.apache.org/security-7.html
URL http://tomcat.apache.org/security-8.html
URL http://tomcat.apache.org/security-9.html