CVE-2020-9484 Scanner
CVE-2020-9484 scanner - Improper Access Control vulnerability in Apache Tomcat
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
Apache Tomcat is an open-source Java-based web application server and servlet container. It is widely used by developers to create dynamic websites and process web requests. The server software provides a platform for deploying and running Java-based web applications on various operating systems. It is known for its versatility, scalability, and support for multiple protocols and frameworks.
CVE-2020-9484 is a vulnerability in Apache Tomcat versions 7.0.0 to 7.0.103, 8.5.0 to 8.5.54, 9.0.0.M1 to 9.0.34, and 10.0.0-M1 to 10.0.0-M4. It allows an attacker to achieve remote code execution on servers that persist sessions with the PersistenceManager backed by a FileStore. In other words, if the attacker can control a file on the server and knows its path relative to the FileStore, they can trigger the vulnerability with a specially crafted request.
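The following is an added defensive example, not code from the original page or from the s4e.io scanner. It shows the two checks an administrator can run locally to assess exposure to CVE-2020-9484: comparing a Tomcat version string against the affected ranges listed above, and parsing a Tomcat context configuration for a PersistentManager that stores sessions in a FileStore. The element and attribute names (Manager, Store, className, sessionAttributeValueClassNameFilter, and the two org.apache.catalina.session class names) are taken from the Tomcat configuration documentation; the XML fragments and the assessed version strings are constructed for the example.

```python
"""Local exposure check for CVE-2020-9484 (added example, not from the page).

Two checks: (1) is the Tomcat version inside the affected ranges the advisory
lists, and (2) does the context configuration persist sessions through a
PersistentManager with a FileStore, and if so, is
sessionAttributeValueClassNameFilter set to restrict deserialised classes.
"""
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as stated in the advisory text, inclusive on both ends.
AFFECTED_RANGES = [
    ("7.0.0", "7.0.103"),
    ("8.5.0", "8.5.54"),
    ("9.0.0.M1", "9.0.34"),
    ("10.0.0-M1", "10.0.0-M4"),
]

# Class names from the Tomcat Manager/Store configuration reference.
PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"


def version_key(version):
    """Convert '9.0.0.M1', '10.0.0-M4' or '8.5.54' into a comparable tuple.

    Milestone builds (M-suffix) sort before the GA release with the same
    number, so 10.0.0-M4 < 10.0.0.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    tail = (1, int(milestone)) if milestone else (2, 0)
    return (int(major), int(minor), int(patch)) + tail


def is_affected_version(version):
    """True if the version falls inside any advisory range."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def find_filestore_exposure(context_xml):
    """Return one finding per PersistentManager that uses a FileStore.

    A finding is 'unfiltered' when sessionAttributeValueClassNameFilter is
    absent or empty, i.e. no allow-list limits which attribute classes are
    deserialised from persisted sessions.
    """
    root = ET.fromstring(context_xml)
    findings = []
    for manager in root.iter("Manager"):
        if manager.get("className") != PERSISTENT_MANAGER:
            continue
        stores = [s for s in manager.findall("Store") if s.get("className") == FILE_STORE]
        if not stores:
            continue
        class_filter = manager.get("sessionAttributeValueClassNameFilter")
        findings.append({
            "directory": stores[0].get("directory"),
            "filter": class_filter,
            "unfiltered": class_filter is None or not class_filter.strip(),
        })
    return findings


def assess(version, context_xml):
    """Combine both checks into one report for a single Tomcat instance."""
    findings = find_filestore_exposure(context_xml)
    return {
        "version_affected": is_affected_version(version),
        "filestore_findings": findings,
        "exposed": is_affected_version(version) and any(f["unfiltered"] for f in findings),
    }


# Constructed sample: a context that persists sessions to a FileStore with no class filter.
SAMPLE_CONTEXT_XML = """\
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager" maxIdleBackup="30">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>
"""

# Constructed sample: same setup with an explicit allow-list of attribute classes.
HARDENED_CONTEXT_XML = """\
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager"
           sessionAttributeValueClassNameFilter="java\\.lang\\.(?:Boolean|Integer|Long|Number|String)">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>
"""

if __name__ == "__main__":
    for version, xml in [("9.0.34", SAMPLE_CONTEXT_XML), ("9.0.35", HARDENED_CONTEXT_XML)]:
        print(version, assess(version, xml))
```

The version check alone is the quickest triage step; the configuration check matters because the vulnerability only applies to instances that actually persist sessions with a FileStore, so an affected version with the default in-memory manager is not exposed through this path. Upgrading past the listed ranges remains the fix; the class-name filter is a hardening control, not a substitute.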
Exploiting the CVE-2020-9484 vulnerability can lead to serious consequences as it gives unauthorized access to the server and allows attackers to execute arbitrary code, access sensitive data and tamper with the system. The attacker can gain complete control over the server and use it to further propagate malware or launch more attacks. The vulnerability can have severe consequences for businesses that rely on Apache Tomcat as their web application server, compromising their customers' data and putting their reputation at risk.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive and actionable information about security vulnerabilities affecting web applications, servers, and other digital assets. By using the platform, businesses can proactively protect their systems and prevent attacks, saving time and resources in the long term.
REFERENCES
- lists.apache.org: [tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence
- lists.debian.org: [debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update
- lists.apache.org: [tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence
- lists.opensuse.org: openSUSE-SU-2020:0711
- lists.apache.org: [tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence
- lists.debian.org: [debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update
- seclists.org: 20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager
- security.gentoo.org: GLSA-202006-21
- lists.fedoraproject.org: FEDORA-2020-ce396e7d5c
- lists.fedoraproject.org: FEDORA-2020-d9169235a8
- lists.apache.org: [tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml
- lists.debian.org: [debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E
- https://security.netapp.com/advisory/ntap-20200528-0005/
- http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
- debian.org: DSA-4727
- usn.ubuntu.com: USN-4448-1
- lists.apache.org: [tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
- lists.apache.org: [tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
- lists.apache.org: [tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
- lists.apache.org: [tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- usn.ubuntu.com: USN-4596-1
- https://www.oracle.com/security-alerts/cpujan2021.html
- lists.apache.org: [tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)
- lists.apache.org: [announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)
- lists.apache.org: [tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)
- lists.apache.org: [tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
- lists.apache.org: [tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)
- openwall.com: [oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484
- lists.apache.org: [tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
- https://www.oracle.com/security-alerts/cpuApr2021.html
- lists.apache.org: [tomcat-users] 20210701 What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5
- lists.apache.org: [tomcat-users] 20210701 Re: What is "h2c"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5
- lists.apache.org: [tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5
- lists.apache.org: [tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html