QID 198724

Date Published: 2022-04-04

QID 198724: Ubuntu Security Notification for Tomcat Vulnerabilities (USN-5360-1)

Tomcat incorrectly performed input verification.
Tomcat did not properly deserialize untrusted data.
Tomcat did not properly validate the input length.

A remote attacker could possibly use this issue to intercept sensitive information.
An attacker could possibly use this issue to execute arbitrary code.
An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service.
(CVE-2020-9494, CVE-2021-25329, CVE-2021-41079).

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 5.8 severity.
  • Solution
    Refer to Ubuntu security advisory USN-5360-1 for updates and patch information.
    Vendor References
    Software Advisories
    Advisory ID Software Component Link
    USN-5360-1 Ubuntu Linux ubuntu.com/security/notices/USN-5360-1