Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.12.1, 8.13.0-EAP, 8.13.0, 8.5.9, 8.14.0, 8.14.1
Affects Version/s: 8.11.0, 8.12.0, 8.5.8
Component/s: Tomcat
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.05
Support reference count:
14
Symptom Severity:
Severity 2 - Major
UIS:
59
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

The recently disclosed vulnerability regarding Apache Tomcat

CVE-2020-13934

affects the following versions:

Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

Additionally, the following disclosed vulnerability regarding Tomcat:

CVE-2020-13935

affects the following versions:

Apache Tomcat 7.x from 7.0.27 to 7.0.104
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

We should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.

Steps to Reproduce

Check the CVE reports:
- CVE-2020-13934
- CVE-2020-13935

Expected Results

Not applicable.

Actual Results

Not applicable.

Workaround

Manually upgrade Tomcat according to our documentation.

Attachments

Issue Links

incorporates

CONFSERVER-60004 Upgrade Tomcat to version 9.0.37

Closed

is related to

JRASERVER-71221 Upgrade Apache Tomcat 8.5.50 - version affected by CVE-2020-9484

Closed

relates to

JRASERVER-72609 Upgrade the bundled version of Apache Tomcat to 8.5.68 or later

Closed

blocks: PS-62845 Loading...

mentioned in: Page Loading...

Activity

People

Assignee:: Pawel Cegla

Reporter:: Gregory Peres (Inactive)

Votes:: 15 Vote for this issue

Watchers:: 29 Start watching this issue

Dates

Due:: 19/Oct/2020

Created:: 17/Jul/2020 3:19 PM

Updated:: 14/Oct/2021 2:30 AM

Resolved:: 07/Sep/2020 4:10 PM