Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if TomEE plus (7.0.7) is impacted by CVE-2020-9484 or BDSA-2020-1193?
Solution - (Copied from BDSA record)
Fixed in 10.0.0.M5 by this commit.
The latest stable releases can be found here.
http://tomcat.apache.org/security-10.html
Advisories
If impacted, can you please upgrade TOMEE plus(7.0.7) with fixed versions of Tomcat ?