Remote Code Execution Deserialization Vulnerability Blocked by Contrast

Read the original article: Remote Code Execution Deserialization Vulnerability Blocked by Contrast


On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE, CVE-2020-9484. The vulnerability allows any anonymous attacker with internet access to submit a malicious request to a Tomcat server that has PersistentManager enabled using FileStore. This is not the default setup, but administrators can configure Tomcat this way. Red Timmy Security wrote in detail about the vulnerability and exploit.
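To check whether a Tomcat instance uses the non-default setup described above, the following added example (not code from the original article or from Contrast) scans a `context.xml` or `server.xml` document for a `<Manager>` that is a PersistentManager with a FileStore. It assumes the stock Tomcat class names and uses constructed sample configurations; a custom subclass of either class would not be matched.

```python
import xml.etree.ElementTree as ET

# Stock Tomcat class names for the two components the advisory names.
PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"


def find_filestore_managers(xml_text):
    """Return a finding for each <Manager> that is a PersistentManager with a FileStore."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for manager in root.iter("Manager"):
        if manager.get("className", "").strip() != PERSISTENT_MANAGER:
            continue  # no className means Tomcat's default StandardManager
        for store in manager.findall("Store"):
            if store.get("className", "").strip() == FILE_STORE:
                context = parent_of.get(manager)
                findings.append({
                    "context": context.get("path") if context is not None else None,
                    "directory": store.get("directory"),
                })
    return findings


# Constructed sample configurations, not taken from any real deployment.
FLAGGED = """<Context path="/shop">
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore" directory="sessions"/>
  </Manager>
</Context>"""

JDBC_BACKED = """<Context path="/shop">
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.JDBCStore"/>
  </Manager>
</Context>"""

DEFAULT = """<Context path="/shop"><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"""

if __name__ == "__main__":
    for name, text in [("flagged", FLAGGED), ("jdbc", JDBC_BACKED), ("default", DEFAULT)]:
        print(name, find_filestore_managers(text))
```

A finding only confirms that the configuration named in the advisory is present; it does not by itself establish that the instance is exploitable.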

The post Remote Code Execution Deserialization Vulnerability Blocked by Contrast appeared first on Security Boulevard.

