File _patchinfo of Package patchinfo.15149
<patchinfo incident="15149">
<issue tracker="cve" id="2020-9484"/>
<issue tracker="bnc" id="1171928">EMU: VUL-0: CVE-2020-9484: tomcat6,tomcat: Remote Code Execution via session persistence</issue>
<packager>simotek</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for tomcat</summary>
<description>This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.35. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
* CVE-2020-9484 (bsc#1171928)
Apache Tomcat Remote Code Execution via session persistence
If an attacker was able to control the contents and name of a file on a
server configured to use the PersistenceManager, then the attacker could
have triggered a remote code execution via deserialization of the file under
their control.
</description>
</patchinfo>