Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-9484

CWE-502 — Deserialization of Untrusted Data CWE-36730 documents12 sources

Severity

7.0HIGH

EPSS

93.3%

top 0.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Tomcat Oracle Communications Diameter Signaling Router Oracle Communications Element Manager +24 more

Timeline

PublishedMay 20

Latest updateAug 1

Description

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserial…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages30 packages

▶NVDoracle/managed_file_transfer12.2.1.3.0, 12.2.1.4.0+1

▶NVDapache/tomcat7.0.0 — 7.0.108+4

▶Mavenorg.apache.tomcat:tomcat-catalina10.0.0-M1 — 10.0.0-M5+3

▶CVEListV5apache_tomcatApache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103

▶CVEListV5apache_software_foundation/apache_tomcat4 versions+3

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 31, 32, Ubuntu Linux 16.04, 20.04

Patches

Patch: lists.apache.org ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

tomcat8, tomcat9 vulnerabilities↗2024-08-01

▶

OSV

tomcat vulnerabilities↗2024-07-23

▶

OSV

tomcat9 vulnerabilities↗2022-03-31

▶

GHSA

Race condition in Apache Tomcat↗2022-02-01

▶

GHSA

Potential remote code execution in Apache Tomcat↗2021-03-19

▶

💥Exploits & PoCs

Nuclei

Apache Tomcat Remote Command Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Attempted Directory Traversal via HTTP Cookie (CVE-2020-9484)↗2020-06-05

▶

📋Vendor Advisories

Ubuntu

Tomcat vulnerabilities↗2024-08-01

▶

Ubuntu

Tomcat vulnerabilities↗2024-07-23

▶

Ubuntu

Tomcat vulnerabilities↗2022-03-31

▶

Red Hat

tomcat: local privilege escalation vulnerability↗2022-01-26

▶

Oracle

Oracle Oracle Siebel CRM Risk Matrix: Marketing (Apache Tomcat) — CVE-2020-9484↗2021-10-15

▶

💬Community

Bugzilla

CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE [fedora-all]↗2020-05-22

▶

Bugzilla

CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE↗2020-05-20

▶