GLSA Advocate
Posted: Tue Jun 16, 2020 12:26 am
Post subject: [ GLSA 202006-21 ] Apache Tomcat
Gentoo Linux Security Advisory
Title: Apache Tomcat: Remote code execution (GLSA 202006-21)
Severity: normal
Exploitable: remote
Date: 2020-06-15
Bug(s): #724344
ID: 202006-21
Synopsis
A vulnerability has been discovered in Apache Tomcat which could
result in the arbitrary execution of code.
Background
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.
Affected Packages
Package: www-servers/tomcat
Vulnerable: < 7.0.104
Vulnerable: < 8.5.55
Unaffected: >= 7.0.104
Unaffected: >= 8.5.55
Architectures: All supported architectures
Description
Apache Tomcat improperly handles deserialization of files under specific
circumstances.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 7.x users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.104"

All Apache Tomcat 8.x users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.55"

References
CVE-2020-9484
Upstream advisory (7)
Upstream advisory (8.5)
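
The affected ranges above are per branch, so a version has to be compared against the fixed release of its own series rather than against both thresholds. The following check is an added example, not part of the advisory: the function names are hypothetical, the sample versions are constructed, and treating every 8.x release against 8.5.55 is an assumption taken from the Resolution wording.

```shell
#!/bin/sh
# Added example: classify a www-servers/tomcat version against GLSA 202006-21.
# Function names are hypothetical; the thresholds come from the advisory text.

# ver_lt A B: succeed when dotted version A is numerically lower than B.
# Fields are compared as integers, so 7.0.99 sorts below 7.0.104.
ver_lt() {
    a=$1 b=$2
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0}
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0}
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*} y=${pair##*:}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal versions are not "lower than"
}

# Prints vulnerable, unaffected, not-covered or invalid for one version.
glsa_202006_21_status() {
    v=${1%%[-_]*}    # drop Gentoo suffixes such as -r1
    case $v in
        ''|*[!0-9.]*) echo invalid; return 0 ;;
    esac
    case $v in
        7.*) fixed=7.0.104 ;;    # "Unaffected: >= 7.0.104"
        8.*) fixed=8.5.55 ;;     # "Unaffected: >= 8.5.55" (assumed for all 8.x)
        *)   echo not-covered; return 0 ;;   # series not listed in this GLSA
    esac
    if ver_lt "$v" "$fixed"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample versions, not taken from any real host.
for sample in 7.0.99 7.0.104 8.0.53 8.5.54 8.5.55-r1 9.0.35; do
    printf '%s\t%s\n' "$sample" "$(glsa_202006_21_status "$sample")"
done
```

A result of not-covered only means this advisory lists no range for that series; it says nothing about whether the release is safe.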