Is DLP vulnerable to CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence?

Article ID: 191724

Products

Data Loss Prevention Enforce

Issue/Introduction

You want to know if DLP is vulnerable to CVE-2020-9484 as described.

Environment

Release: 15.x, 14.x

Cause

The main Tomcat build for recent versions of DLP is currently 9.x.

Summaries of the releases which relate to this CVE (3 of them in all, search on the number "CVE-2020-9484") are here:

Apache Tomcat® - Apache Tomcat 9 vulnerabilities

Resolution

DLP does not use the PersistentManager with FileStore, which is a required pre-condition for the exploit, and hence is not impacted.
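
To confirm the same pre-condition on any Tomcat instance, the following added example (not part of the original article and not Broadcom or Apache code) parses Tomcat XML configuration and reports every `Manager` element that is a PersistentManager with a FileStore `Store` child. The sample configurations are constructed, and the file paths in the usage comment are illustrative assumptions.

```python
import sys
import xml.etree.ElementTree as ET

PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"

# Constructed sample configurations (not taken from a DLP installation).
SAMPLE_DEFAULT = """<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <!-- <Manager pathname="" /> -->
</Context>"""

SAMPLE_FILESTORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

SAMPLE_JDBCSTORE = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.JDBCStore"/>
  </Manager>
</Context>"""


def find_filestore_managers(xml_data):
    """Return the FileStore directory of every PersistentManager + FileStore pair."""
    root = ET.fromstring(xml_data)  # XML comments are skipped by the parser
    hits = []
    for manager in root.iter("Manager"):
        if manager.get("className", "").strip() != PERSISTENT_MANAGER:
            continue
        for store in manager.findall("Store"):
            if store.get("className", "").strip() == FILE_STORE:
                hits.append(store.get("directory", "(default directory)"))
    return hits


if __name__ == "__main__":
    # Illustrative usage: python check_store.py conf/context.xml conf/server.xml
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:  # bytes, so any XML encoding declaration is honoured
            hits = find_filestore_managers(fh.read())
        status = "PersistentManager+FileStore: " + ", ".join(hits) if hits else "not configured"
        print(f"{path}: {status}")
```

The check covers only the static configuration files it is given, so run it against the global context and server files and each web application's own context file.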