Warning Date: 1 March, 2020

Severity Level ● High

Warning Number: 2020-977

Target Sector: All

Description:

Apache has released security update to address multiple vulnerabilities in the following products:

• Apache Tomcat 9.0.0.M1 to 9.0.30
• Apache Tomcat 8.5.0 to 8.5.50
• Apache Tomcat 7.0.0 to 7.0.99

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Bypass of a protection mechanism
• Authentication bypass
• Execute arbitrary code

Best practice and Recommendations:

The CERT team encourages users to update the affected products and check more details by following the link below:

• https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E