[OFBIZ-12539] Upgrade Tomcat from 9.0.54 to 9.0.58 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 18.12.05, 22.01.01
Fix Version/s: 18.12.06, 22.01.01
Component/s: Gradle
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Jan/22 11:24

Updated:: 26/Jan/22 12:24

Resolved:: 26/Jan/22 12:23