{
  "id": "CVE-2020-9484",
  "details": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",
  "aliases": [
    "BIT-tomcat-2020-9484",
    "GHSA-344f-f5vg-2jfj"
  ],
  "modified": "2026-02-11T12:52:32.366388Z",
  "published": "2020-05-20T19:15:09.257Z",
  "related": [
    "MGASA-2020-0277",
    "SUSE-SU-2020:1363-1",
    "SUSE-SU-2020:1364-1",
    "SUSE-SU-2020:1365-1",
    "SUSE-SU-2020:14375-1",
    "SUSE-SU-2020:1497-1",
    "SUSE-SU-2020:1498-1",
    "openSUSE-SU-2020:0711-1",
    "openSUSE-SU-2024:11468-1",
    "openSUSE-SU-2024:13441-1"
  ],
  "references": [
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"},
    {"type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"},
    {"type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"},
    {"type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"},
    {"type": "ADVISORY", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"},
    {"type": "ADVISORY", "url": "http://seclists.org/fulldisclosure/2020/Jun/6"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"},
    {"type": "ADVISORY", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10332"},
    {"type": "ADVISORY", "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"},
    {"type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"},
    {"type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"},
    {"type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"},
    {"type": "ADVISORY", "url": "https://security.gentoo.org/glsa/202006-21"},
    {"type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"},
    {"type": "ADVISORY", "url": "https://usn.ubuntu.com/4448-1/"},
    {"type": "ADVISORY", "url": "https://usn.ubuntu.com/4596-1/"},
    {"type": "ADVISORY", "url": "https://www.debian.org/security/2020/dsa-4727"},
    {"type": "ADVISORY", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"},
    {"type": "FIX", "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"},
    {"type": "FIX", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"},
    {"type": "ARTICLE", "url": "http://seclists.org/fulldisclosure/2020/Jun/6"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"},
    {"type": "ARTICLE", "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"},
    {"type": "ARTICLE", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/apache/tomcat",
          "events": [
            {"introduced": "3c78e95e36268dfb76db1570f0cf49104fa6eabc"},
            {"fixed": "dc8bcd9c0704235319d322ca3d4c32263a054766"},
            {"introduced": "e37b977db6f47e4380ad67114a49e8568951c953"},
            {"fixed": "eb8d36c30857866536e8c931731c9f86980b00a6"},
            {"introduced": "e498667bd7811e846771a852b16ce9f1e524b81b"},
            {"fixed": "b57a2ea4466a2d4ea03a0f90e3f0d6c485b3cfea"}
          ]
        }
      ],
      "database_specific": {
        "source": "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9484.json"
      }
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}
  ]
}