
Test ID:
Category: Debian Local Security Checks
Title: Debian: Security Advisory for tomcat9 (DSA-4680-1)
Summary: The remote host is missing an update for the 'tomcat9' package(s) announced via the DSA-4680-1 advisory.

Vulnerability Insight:
Several vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in HTTP request smuggling, code execution
in the AJP connector (disabled by default in Debian) or a man-in-the-middle
attack against the JMX interface.

Affected Software/OS:
'tomcat9' package(s) on Debian Linux.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u1. The fix for CVE-2020-1938 may require
configuration changes when Tomcat is used with the AJP connector, e.g.
in combination with libapache-mod-jk. For instance, the attribute
secretRequired is now set to true by default. For affected setups it's
recommended to review [link moved to references] before deploying the update.

We recommend that you upgrade your tomcat9 packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2020-1935
Debian Security Information: DSA-4673
Debian Security Information: DSA-4680
SuSE Security Announcement: openSUSE-SU-2020:0345
Common Vulnerability Exposure (CVE) ID: CVE-2020-1938
SuSE Security Announcement: openSUSE-SU-2020:0597
Copyright: Copyright (C) 2020 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.