Rewterz Threat Advisory – CVE-2020-3272 – Cisco Prime Network Registrar DHCP Vulnerability
May 21, 2020
Rewterz Threat Advisory – CVE-2020-3956 – VMware Cloud Director updates address Vulnerability
May 21, 2020
Severity
High
Analysis Summary
Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system because of unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. An attacker could exploit this vulnerability by sending specially crafted input.
Impact
Execute arbitrary code
Affected Vendors
Apache Tomcat
Affected Products
- Apache Tomcat 7.0.0
- Apache Tomcat 8.5.0
- Apache Tomcat 9.0.0.M1
- Apache Tomcat 7.0.103
- Apache Tomcat 8.5.54
- Apache Tomcat 9.0.34
- Apache Tomcat 10.0.0-M4
- Apache Tomcat 10.0.0-M1
Remediation
Upgrade to the latest version of Apache Tomcat (7.0.104, 8.5.55, 9.0.35, 10.0.0-M5 or later).
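
The following audit check is an added example, not code from Rewterz or the Apache Tomcat project: it flags a deployment as exposed only when both conditions from this advisory hold, namely a build older than the fixed release for its branch and a session Manager backed by a FileStore. The class names shown are Tomcat's standard session classes rather than text quoted from this page, and the sample context.xml content is constructed.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release per branch, taken from the advisory's Remediation section.
FIXED = {(7, 0): "7.0.104", (8, 5): "8.5.55", (9, 0): "9.0.35", (10, 0): "10.0.0-M5"}

def version_key(version):
    """Sortable key; milestone builds (9.0.0.M1, 10.0.0-M4) sort before the release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))

def is_patched(version):
    """True/False for branches the advisory covers, None for any other branch."""
    key = version_key(version)
    fixed = FIXED.get(key[:2])
    return None if fixed is None else key >= version_key(fixed)

def file_store_managers(context_xml):
    """Return className of each <Manager> that persists sessions through a FileStore."""
    root = ET.fromstring(context_xml)
    hits = []
    for manager in root.iter("Manager"):
        for store in manager.findall("Store"):
            if store.get("className", "").endswith(".FileStore"):
                hits.append(manager.get("className", "(default manager)"))
    return hits

def exposed(version, context_xml):
    """Both preconditions from the advisory: unpatched build and FileStore persistence."""
    return is_patched(version) is False and bool(file_store_managers(context_xml))

# Constructed sample context.xml files (not from any real deployment).
WITH_FILE_STORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""
DEFAULT_MANAGER = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"

if __name__ == "__main__":
    for v in ("9.0.34", "9.0.35", "10.0.0-M4"):
        print(v, "patched:", is_patched(v), "exposed:", exposed(v, WITH_FILE_STORE))
```

A result of `None` from `is_patched` means the branch is not one this advisory lists, so the check makes no claim about it.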