The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libservlet3.1-java", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "libservlet3.1-java-doc", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "libtomcat8-java", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8-admin", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8-common", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8-docs", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8-examples", "binary_version": "8.0.32-1ubuntu1.13+esm1" }, { "binary_name": "tomcat8-user", "binary_version": "8.0.32-1ubuntu1.13+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libtomcat8-embed-java", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "libtomcat8-java", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8-admin", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8-common", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8-docs", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8-examples", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" }, { "binary_name": "tomcat8-user", "binary_version": "8.5.39-1ubuntu1~18.04.3+esm2" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.16-3ubuntu0.18.04.2+esm2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.31-1ubuntu0.6" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.31-1ubuntu0.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.58-1" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.58-1" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.58-1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.70-1ubuntu1" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.70-1ubuntu1" } ] }