Apache Tomcat 环境问题漏洞

CNNVD-ID编号	CNNVD-202002-1130
CVE编号	CVE-2020-1935
发布时间	2020-02-24
更新时间	2021-01-21
漏洞类型	环境问题
漏洞来源	N/A
危险等级	中危
威胁类型	远程
厂商	N/A

漏洞介绍

Apache Tomcat是美国阿帕奇（Apache）软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page（JSP）的支持。

Apache Tomcat 9.0.0.M1版本至9.0.30版本、8.5.0版本至8.5.50版本和7.0.0版本至7.0.99版本中存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。

漏洞补丁

目前厂商已发布升级了Apache Tomcat 环境问题漏洞的补丁，Apache Tomcat 环境问题漏洞的补丁获取链接：

https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E

参考网址

来源:MLIST

链接：https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
来源:MLIST

链接：https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1@%3Cusers.tomcat.apache.org%3E
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujan2021.html
来源:MLIST

链接：https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E
来源:CONFIRM

链接：https://security.netapp.com/advisory/ntap-20200327-0005/
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html
来源:MLIST

链接：https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75@%3Cusers.tomcat.apache.org%3E
来源:MISC

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:UBUNTU

链接：https://usn.ubuntu.com/4448-1/
来源:MLIST

链接：https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18@%3Cusers.tomcat.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
来源:MLIST

链接：https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7@%3Cusers.tomcat.apache.org%3E
来源:DEBIAN

链接：https://www.debian.org/security/2020/dsa-4680
来源:DEBIAN

链接：https://www.debian.org/security/2020/dsa-4673
来源:MLIST

链接：https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919@%3Cusers.tomcat.apache.org%3E
来源:MISC

链接：https://www.oracle.com/security-alerts/cpujul2020.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-all-apache-tomcat-core-only-publicly-disclosed-vulnerability-cve-2020-1935-cve-2019-17569/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0667/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0867/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2750/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0841/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-1935
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3250/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Apache-Tomcat-information-disclosure-via-Reverse-Proxy-Transfer-Encoding-End-of-line-HTTP-Request-Smuggling-31663
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1647/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1887/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158747/Red-Hat-Security-Advisory-2020-3305-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony-2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1388/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1565/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1674/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/49207
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159984/Red-Hat-Security-Advisory-2020-5020-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0799/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affected-by-multiple-apache-tomcat-vulnerabilities/
来源:http-request-smuggling-if-tomcat-was-located-behind-a-reverse-proxy

链接：http-request-smuggling-if-tomcat-was-located-behind-a-reverse-proxy/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-17569-cve-2020-1935-
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2670/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157312/Red-Hat-Security-Advisory-2020-1520-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1608/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2020-1935-cve-2019-17569/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158761/Ubuntu-Security-Notice-USN-4448-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2218/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3990/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-1130