{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T07:56:33.503","vulnerabilities":[{"cve":{"id":"CVE-2020-9484","sourceIdentifier":"security@apache.org","published":"2020-05-20T19:15:09.257","lastModified":"2024-11-21T05:40:44.420","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."},{"lang":"es","value":"Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor está configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager está configurado con sessionAttributeValueClassNameFilter=\"null\" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicación de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petición específicamente diseñada, el atacante podrá ser capaz de desencadenar una ejecución de código remota mediante la deserialización del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga éxito."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.108","matchCriteriaId":"EE5E91B0-1B3B-4871-ADD0-C772DA1894E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"8.5.63","matchCriteriaId":"6F32163D-F54D-48C9-AE9D-44ABA776B060"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.1","versionEndExcluding":"9.0.43","matchCriteriaId":"C570AD4E-B51D-4490-83B9-BFC8528514EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*","matchCriteriaId":"89B129B2-FB6F-4EF9-BF12-E589A87996CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*","matchCriteriaId":"8B6787B6-54A8-475E-BA1C-AB99334B2535"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*","matchCriteriaId":"EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*","matchCriteriaId":"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*","matchCriteriaId":"8A6DA0BE-908C-4DA8-A191-A0113235E99A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*","matchCriteriaId":"39029C72-28B4-46A4-BFF5-EC822CFB2A4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*","matchCriteriaId":"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*","matchCriteriaId":"166C533C-0833-41D5-99B6-17A4FAB3CAF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*","matchCriteriaId":"D3768C60-21FA-4B92-B98C-C3A2602D1BC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*","matchCriteriaId":"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"9F542E12-6BA8-4504-A494-DA83E7E19BD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*","matchCriteriaId":"C2409CC7-6A85-4A66-A457-0D62B9895DC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*","matchCriteriaId":"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*","matchCriteriaId":"EF411DDA-2601-449A-9046-D250419A0E1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*","matchCriteriaId":"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*","matchCriteriaId":"1B4FBF97-DE16-4E5E-BE19-471E01818D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*","matchCriteriaId":"3B266B1E-24B5-47EE-A421-E0E3CC0C7471"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*","matchCriteriaId":"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*","matchCriteriaId":"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"C0C5F004-F7D8-45DB-B173-351C50B0EC16"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"D1902D2E-1896-4D3D-9E1C-3A675255072C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*","matchCriteriaId":"49AAF4DF-F61D-47A8-8788-A21E317A145D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"454211D0-60A2-4661-AECA-4C0121413FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*","matchCriteriaId":"0686F977-889F-4960-8E0B-7784B73A7F2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"558703AE-DB5E-4DFF-B497-C36694DD7B24"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"ED6273F2-1165-47A4-8DD7-9E9B2472941B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*","matchCriteriaId":"90CD7E85-4FF9-4158-AC78-4BFCBC882A65"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*","matchCriteriaId":"7EA56B52-1015-40CD-B10C-393768094269"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"501B0D4A-D636-4736-979B-D5023599CEFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"94E7764F-BF9E-463E-B446-A9A8DB92BB97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","matchCriteriaId":"902B8056-9E37-443B-8905-8AA93E2447FB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*","matchCriteriaId":"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*","matchCriteriaId":"ED43772F-D280-42F6-A292-7198284D6FE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*","matchCriteriaId":"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"B6B6FE82-7BFA-481D-99D6-789B146CA18B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"4479F76A-4B67-41CC-98C7-C76B81050F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.4.0.5","matchCriteriaId":"12981AA7-BBF6-4158-8F7D-9DD3880FDCC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndIncluding":"8.2.2","matchCriteriaId":"B51F78F4-8D7E-48C2-86D1-D53A6EB348A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"0DB23B9A-571E-4B77-B432-23F3DC9B67D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndIncluding":"8.2.2","matchCriteriaId":"3E5416A1-EE58-415D-9645-B6A875EBAED2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndIncluding":"8.2.2","matchCriteriaId":"11B0C37E-D7C7-45F2-A8D8-5A3B1B191430"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*","matchCriteriaId":"C1E05472-8F3A-4E46-90E5-50EA6D555FDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*","matchCriteriaId":"02E34416-E767-4F61-8D2C-0D0202351F91"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"9C5E9A12-BFE9-4963-A360-A34168A6BF6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"CA2E1357-E3A1-461C-B7A0-A9446E45496D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1A3DC116-2844-47A1-BEC2-D0675DD97148"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","versionStartIncluding":"17.1","versionEndIncluding":"17.3","matchCriteriaId":"9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A2E3E923-E2AD-400D-A618-26ADF7F841A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9AB58D27-37F2-4A32-B786-3490024290A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.21","matchCriteriaId":"70C60E6C-1A61-422B-A132-FB024761F576"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*","matchCriteriaId":"EE8CF045-09BB-4069-BCEC-496D5AE3B780"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*","versionEndIncluding":"21.9","matchCriteriaId":"7AACBCC9-FDAC-42DF-B931-BD908CAF5C65"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*","versionEndIncluding":"20.12","matchCriteriaId":"30DB69BD-0F6E-4AB5-A861-7CB911C35660"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*","matchCriteriaId":"A58642E0-CA59-4DE6-A83C-F551FC621C32"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AD848FE1-CFD7-490C-B008-DF3B30F3256F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*","matchCriteriaId":"630C8E99-FE49-486E-9003-40B82809B7A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*","matchCriteriaId":"C842DE9E-5E12-4295-AFA5-DEB5FEDE490A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEB90C24-D252-4099-A7A1-9F8754DFB4A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*","matchCriteriaId":"106FDF5A-D377-4E5F-8BF9-09290019C98A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*","matchCriteriaId":"0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*","matchCriteriaId":"7B00DDE7-7002-45BE-8EDE-65D964922CB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*","matchCriteriaId":"FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*","matchCriteriaId":"7DE847E0-431D-497D-9C57-C4E59749F6A0"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2020/Jun/6","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/03/01/2","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10332","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org","tags":["Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/","source":"security@apache.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/","source":"security@apache.org"},{"url":"https://security.gentoo.org/glsa/202006-21","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200528-0005/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4448-1/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4596-1/","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4727","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2020/Jun/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2021/03/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10332","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202006-21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200528-0005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4448-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4596-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}