Apache Tomcat: Remote code execution

Apache Tomcat: Remote code execution A vulnerability has been discovered in Apache Tomcat which could result in the arbitrary execution of code. tomcat 2020-06-15 2020-06-15 724344 remote 7.0.104 8.5.55 7.0.104 8.5.55

Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Apache Tomcat improperly handles deserialization of files under specific circumstances.

A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.

There is no known workaround at this time.

All Apache Tomcat 7.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.104"

All Apache Tomcat 8.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.55"

CVE-2020-9484 Upstream advisory (7) Upstream advisory (8.5) sam_c sam_c