{"id":9802,"date":"2021-03-02T13:23:00","date_gmt":"2021-03-02T04:23:00","guid":{"rendered":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/?p=9802"},"modified":"2023-10-17T11:41:08","modified_gmt":"2023-10-17T02:41:08","slug":"apache-tomcat-%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7-cve-2020-9484-%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b%e6%b3%a8%e6%84%8f%e5%96%9a%e8%b5%b7","status":"publish","type":"post","link":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/public\/heads-up\/apache-tomcat-%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7-cve-2020-9484-%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b%e6%b3%a8%e6%84%8f%e5%96%9a%e8%b5%b7\/","title":{"rendered":"Apache Tomcat \u306e\u8106\u5f31\u6027 (CVE-2020-9484) \u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77"},"content":{"rendered":"\n<p>I. \u6982\u8981<br \/>Apache Software Foundation \u306f\u30012020\u5e745\u670820\u65e5 (\u73fe\u5730\u6642\u9593) \u306b\u3001Apache Tomcat \u306e\u8106\u5f31\u6027 (CVE-2020-9484) \u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002<br \/>\u8106\u5f31\u6027\u3092\u60aa\u7528\u3055\u308c\u308b\u3068\u3001\u30c7\u30b7\u30ea\u30a2\u30e9\u30a4\u30ba\u5bfe\u8c61\u30c7\u30fc\u30bf\u306e\u691c\u8a3c\u304c\u9069\u5207\u306b\u884c\u308f\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u306b\u8d77\u56e0\u3057\u3066\u3001\u9060\u9694\u306e\u7b2c\u4e09\u8005\u304c\u3001\u30b5\u30fc\u30d0\u4e0a\u306b\u7ba1\u7406\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u914d\u7f6e\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u5834\u5408\u306b\u3001\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\u53c2\u8003\uff1a<a href=\"https:\/\/www.jpcert.or.jp\/at\/2020\/at200024.html\" target=\"_blank\" rel=\"noopener\">https:\/\/www.jpcert.or.jp\/at\/2020\/at200024.html<\/a><\/p>\n<p>\u8106\u5f31\u6027\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001Apache Software Foundation \u304b\u3089\u306e\u60c5\u5831\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Apache Software Foundation<br \/>CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence<br \/><a href=\"https:\/\/lists.apache.org\/thread.html\/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\" target=\"_blank\" rel=\"noopener\">https:\/\/lists.apache.org\/thread.html\/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E<\/a><\/p>\n<p>** \u66f4\u65b0: 2021\u5e743\u67082\u65e5\u8ffd\u8a18 ********************************************<br \/>Apache Software Foundation\u306f\u30012021\u5e743\u67081\u65e5\uff08\u7c73\u56fd\u6642\u9593\uff09\u306b\u3001Apache Tomcat\u306e\u8106\u5f31\u6027\uff08CVE-2021-25329\uff09\u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002<br \/>\u4e00\u822c\u7684\u306b\u5229\u7528\u3055\u308c\u306a\u3044\u307e\u308c\u306a\u69cb\u6210\u306b\u304a\u3044\u3066\u3001CVE-2020-9484\u306e\u4fee\u6b63\u304c\u4e0d\u5341\u5206\u3067\u3042\u3063\u305f\u305f\u3081\u3001CVE-2021-25329\u3068\u3057\u3066\u65b0\u898f\u63a1\u756a\u3057\u3001\u4fee\u6b63\u304c\u884c\u308f\u308c\u307e\u3057\u305f\u3002<\/p>\n<p>\u8106\u5f31\u6027\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001Apache Software Foundation\u304b\u3089\u306e\u60c5\u5831\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Apache Software Foundation<br \/>CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence)<br \/><a href=\"https:\/\/lists.apache.org\/thread.html\/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E\" target=\"_blank\" rel=\"noopener\">https:\/\/lists.apache.org\/thread.html\/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E<\/a><br \/>***********************************************************************<\/p>\n<p><br \/>II. \u5bfe\u8c61<br \/>\u6b21\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306e Apache Tomcat \u304c\u672c\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059\u3002<\/p>\n<p>&#8211; Apache Tomcat 10.0.0-M1 \u304b\u3089 10.0.0-M4<br \/>&#8211; Apache Tomcat 9.0.0.M1 \u304b\u3089 9.0.34<br \/>&#8211; Apache Tomcat 8.5.0 \u304b\u3089 8.5.54<br \/>&#8211; Apache Tomcat 7.0.0 \u304b\u3089 7.0.103<\/p>\n<p>** \u66f4\u65b0: 2021\u5e743\u67082\u65e5\u8ffd\u8a18 ********************************************<br \/>\u6b21\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u8106\u5f31\u6027\uff08CVE-2021-25329\uff09\u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059\u3002<\/p>\n<p>&#8211; Apache Tomcat 10.0.0-M1 \u304b\u3089 10.0.0<br \/>&#8211; Apache Tomcat 9.0.0.M1 \u304b\u3089 9.0.41<br \/>&#8211; Apache Tomcat 8.5.0 \u304b\u3089 8.5.61<br \/>&#8211; Apache Tomcat 7.0.0 \u304b\u3089 7.0.107<br \/>***********************************************************************<\/p>\n<p>\u672c\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u306f\u3001FileStore \u3092\u7528\u3044\u305f PersistentManager \u304c\u30b5\u30fc\u30d0\u3067\u4f7f\u7528\u3055\u308c\u3066\u304a\u308a\u3001PersistentManager \u306e sessionAttributeValueClassNameFilter \u306e\u8a2d\u5b9a\u304c null \u3042\u308b\u3044\u306f\u4e0d\u5341\u5206\u306a\u72b6\u6cc1\u3067\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<p><br \/>III. \u5bfe\u7b56<br \/>Apache Software Foundation \u3088\u308a\u3001\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br \/>\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3092\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>&#8211; Apache Tomcat 10.0.0-M5<br \/>&#8211; Apache Tomcat 9.0.35<br \/>&#8211; Apache Tomcat 8.5.55<br \/>&#8211; Apache Tomcat 7.0.104<\/p>\n<p>** \u66f4\u65b0: 2021\u5e743\u67082\u65e5\u8ffd\u8a18 ********************************************<br \/>\u8106\u5f31\u6027\uff08CVE-2021-25329\uff09\u306b\u3064\u3044\u3066\u3001Apache Software Foundation\u3088\u308a\u6b21\u306e\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u63d0\u4f9b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br \/>\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3092\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>&#8211; Apache Tomcat 10.0.2<br \/>&#8211; Apache Tomcat 9.0.43<br \/>&#8211; Apache Tomcat 8.5.63<br \/>&#8211; Apache Tomcat 7.0.108<br \/>***********************************************************************<\/p>\n<p><br \/>IV. \u56de\u907f\u7b56<br \/>\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306e\u5b9f\u65bd\u304c\u96e3\u3057\u3044\u5834\u5408\u306b\u306f\u3001\u6b21\u306e\u56de\u907f\u7b56\u306e\u9069\u7528\u3092\u691c\u8a0e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>&#8211; PersistentManager \u306b\u304a\u3044\u3066 sessionAttributeValueClassNameFilter \u306e\u5024\u3092\u9069\u5207\u306b\u8a2d\u5b9a\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u63d0\u4f9b\u3059\u308b attribute \u3060\u3051\u304c\u30b7\u30ea\u30a2\u30e9\u30a4\u30ba\u304a\u3088\u3073\u30c7\u30b7\u30ea\u30a2\u30e9\u30a4\u30ba\u3055\u308c\u308b\u3088\u3046\u306b\u3059\u308b<\/p>\n<p>** \u66f4\u65b0: 2020\u5e745\u670826\u65e5\u8ffd\u8a18 ********************************************<br \/>PersistenceManager \u306e\u8aa4\u8a18\u3092 PersistentManager \u306b\u4fee\u6b63\u3057\u307e\u3057\u305f\u3002<br \/>***********************************************************************<\/p>\n<p><br \/>V. \u53c2\u8003\u60c5\u5831<br \/>Apache Software Foundation<br \/>CVE-2020-9484 Apache Tomcat Remote Code Execution via session\u3000persistence<br \/><a href=\"https:\/\/lists.apache.org\/thread.html\/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E\" target=\"_blank\" rel=\"noopener\">https:\/\/lists.apache.org\/thread.html\/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 10.0.0-M5<br \/><a href=\"https:\/\/tomcat.apache.org\/security-10.html\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-10.html<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 9.0.35<br \/><a href=\"https:\/\/tomcat.apache.org\/security-9.html\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-9.html<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 8.5.55<br \/><a href=\"https:\/\/tomcat.apache.org\/security-8.html\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-8.html<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 7.0.104<br \/><a href=\"https:\/\/tomcat.apache.org\/security-7.html\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-7.html<\/a><\/p>\n<p>** \u66f4\u65b0: 2021\u5e743\u67082\u65e5\u8ffd\u8a18 ********************************************<br \/>Apache Software Foundation<br \/>CVE-2021-25329 Incomplete fix for CVE-2020-9484 (RCE via session persistence)<br \/><a href=\"https:\/\/lists.apache.org\/thread.html\/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E\" target=\"_blank\" rel=\"noopener\">https:\/\/lists.apache.org\/thread.html\/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 10.0.2<br \/><a href=\"https:\/\/tomcat.apache.org\/security-10.html#Fixed_in_Apache_Tomcat_10.0.2\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-10.html#Fixed_in_Apache_Tomcat_10.0.2<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 9.0.43<br \/><a href=\"https:\/\/tomcat.apache.org\/security-9.html#Fixed_in_Apache_Tomcat_9.0.43\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-9.html#Fixed_in_Apache_Tomcat_9.0.43<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 8.5.63<br \/><a href=\"https:\/\/tomcat.apache.org\/security-8.html#Fixed_in_Apache_Tomcat_8.5.63\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-8.html#Fixed_in_Apache_Tomcat_8.5.63<\/a><\/p>\n<p>Apache Software Foundation<br \/>Fixed in Apache Tomcat 7.0.108<br \/><a href=\"https:\/\/tomcat.apache.org\/security-7.html#Fixed_in_Apache_Tomcat_7.0.108\" target=\"_blank\" rel=\"noopener\">https:\/\/tomcat.apache.org\/security-7.html#Fixed_in_Apache_Tomcat_7.0.108<\/a><br \/>***********************************************************************<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I. \u6982\u8981Apache Software Foundation \u306f\u30012020\u5e745\u670820\u65e5 (\u73fe\u5730\u6642\u9593) \u306b\u3001Apache Tomcat \u306e\u8106\u5f31\u6027 (CVE-2020-9484) \u306b\u95a2\u3059\u308b\u60c5\u5831\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u8106\u5f31\u6027\u3092\u60aa\u7528\u3055 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[45],"_links":{"self":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9802"}],"collection":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/comments?post=9802"}],"version-history":[{"count":4,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9802\/revisions"}],"predecessor-version":[{"id":14990,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9802\/revisions\/14990"}],"wp:attachment":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/media?parent=9802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/categories?post=9802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/tags?post=9802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}