Upgrade Tomcat to the fixed version of CVE-2020-9484


      Problem Definition

      A Tomcat vulnerability (CVE-2020-9484) was recently announced in which an attacker can access the content and names of files on a server when custom PersistenceManager filestores are used. It affects the following versions:
      10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103

      Confluence, as shipped, does not use PersistenceManager and is not vulnerable, but can be made so with customizations.

      Affected versions of Tomcat include:

      • 7.0.0 to 7.0.103
      • 8.5.0 to 8.5.54
      • 9.0.0.M1 to 9.0.34
      • 10.0.0-M1 to 10.0.0-M4

      Suggested Solution

      Include an unaffected version of Tomcat (9.0.35 and above) in Confluence.
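
One way to check an install against the version ranges listed in this issue and for the customization that makes it vulnerable. This is an added example, not Atlassian's or Apache's code. The `Manager`/`Store` class names are Tomcat's standard session-manager configuration; the sample `context.xml` is constructed and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Inclusive ranges exactly as listed in this issue.
LISTED_RANGES = [("7.0.0", "7.0.103"), ("8.5.0", "8.5.54"),
                 ("9.0.0.M1", "9.0.34"), ("10.0.0-M1", "10.0.0-M4")]

# Constructed sample context.xml, not taken from a real Confluence install.
SAMPLE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

def parse_version(text):
    """Map '8.5.54', '9.0.0.M1' or '10.0.0-M4' to a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    # Milestone builds (0, n) sort before the final release (1, 0).
    qualifier = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch), qualifier)

def in_listed_range(version):
    """True if version falls inside one of the ranges listed in this issue.
    False only means 'not listed here', e.g. for other release lines."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in LISTED_RANGES)

def uses_file_store(context_xml):
    """True if a PersistentManager <Manager> has a FileStore <Store> child."""
    root = ET.fromstring(context_xml)
    for manager in root.iter("Manager"):
        if manager.get("className", "").endswith("PersistentManager"):
            if any(s.get("className", "").endswith("FileStore")
                   for s in manager.iter("Store")):
                return True
    return False

def flag_install(version, context_xml):
    """Listed version combined with the customization this issue describes."""
    return in_listed_range(version) and uses_file_store(context_xml)

if __name__ == "__main__":
    for ver in ("9.0.33", "9.0.35", "10.0.0-M4"):
        print(ver, in_listed_range(ver), flag_install(ver, SAMPLE_CONTEXT))
```
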

            Assignee:
            Xinyi Xu (Inactive)
            Reporter:
            Nobuyuki Mukai
            Votes:
            11
            Watchers:
            23
