CVE-2020-9484
First published: Wed May 20 2020(Updated: )
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. An attacker can exploit the flaw if all of the following are true: * An attacker is able to control the contents and name of a file on the server. * The server is configured to use the PersistenceManager with a FileStore. * The PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker-provided object to be deserialized. * The attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over. If all these conditions are true, the attacker can use a specifically crafted request to trigger Remote Code Execution through deserialization of the file under their control. This flaw affects the following Tomcat versions: 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, and 7.0.0 to 7.0.103. Upstream commits: Tomcat 10.0: <a href="https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b">https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b</a> Tomcat 9.0: <a href="https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222">https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222</a> Tomcat 8.5: <a href="https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f">https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f</a> Tomcat 7.0: <a href="https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06">https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06</a>
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tomcat6 | <0:6.0.24-115.el6_10 | 0:6.0.24-115.el6_10 |
| redhat/tomcat | <0:7.0.76-12.el7_8 | 0:7.0.76-12.el7_8 |
| redhat/tomcat7 | <0:7.0.70-40.ep7.el6 | 0:7.0.70-40.ep7.el6 |
| redhat/tomcat8 | <0:8.0.36-44.ep7.el6 | 0:8.0.36-44.ep7.el6 |
| redhat/tomcat-native | <0:1.2.23-22.redhat_22.ep7.el6 | 0:1.2.23-22.redhat_22.ep7.el6 |
| redhat/tomcat7 | <0:7.0.70-40.ep7.el7 | 0:7.0.70-40.ep7.el7 |
| redhat/tomcat8 | <0:8.0.36-44.ep7.el7 | 0:8.0.36-44.ep7.el7 |
| redhat/tomcat-native | <0:1.2.23-22.redhat_22.ep7.el7 | 0:1.2.23-22.redhat_22.ep7.el7 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el6 | 0:9.0.30-4.redhat_5.1.el6 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el6 | 0:1.2.23-5.redhat_5.el6 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el7 | 0:9.0.30-4.redhat_5.1.el7 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el7 | 0:1.2.23-5.redhat_5.el7 |
| redhat/jws5-tomcat | <0:9.0.30-4.redhat_5.1.el8 | 0:9.0.30-4.redhat_5.1.el8 |
| redhat/jws5-tomcat-native | <0:1.2.23-5.redhat_5.el8 | 0:1.2.23-5.redhat_5.el8 |
| redhat/tomcat | <10.0.0 | 10.0.0 |
| redhat/tomcat | <9.0.35 | 9.0.35 |
| redhat/tomcat | <8.5.55 | 8.5.55 |
| redhat/tomcat | <7.0.104 | 7.0.104 |
| maven/org.apache.tomcat:tomcat-catalina | >=7.0.0<7.0.104 | 7.0.104 |
| maven/org.apache.tomcat:tomcat-catalina | >=8.0.0<8.5.55 | 8.5.55 |
| maven/org.apache.tomcat:tomcat-catalina | >=9.0.0<9.0.35 | 9.0.35 |
| maven/org.apache.tomcat:tomcat-catalina | >=10.0.0-M1<=10.0.0-M4 | 10.0.0-M5 |
| Apache Tomcat | >=7.0.0<7.0.108 | |
| Apache Tomcat | >=8.5.0<8.5.63 | |
| Apache Tomcat | >=9.0.1<9.0.43 | |
| Apache Tomcat | =9.0.0-milestone1 | |
| Apache Tomcat | =9.0.0-milestone10 | |
| Apache Tomcat | =9.0.0-milestone11 | |
| Apache Tomcat | =9.0.0-milestone12 | |
| Apache Tomcat | =9.0.0-milestone13 | |
| Apache Tomcat | =9.0.0-milestone14 | |
| Apache Tomcat | =9.0.0-milestone15 | |
| Apache Tomcat | =9.0.0-milestone16 | |
| Apache Tomcat | =9.0.0-milestone17 | |
| Apache Tomcat | =9.0.0-milestone18 | |
| Apache Tomcat | =9.0.0-milestone19 | |
| Apache Tomcat | =9.0.0-milestone2 | |
| Apache Tomcat | =9.0.0-milestone20 | |
| Apache Tomcat | =9.0.0-milestone21 | |
| Apache Tomcat | =9.0.0-milestone22 | |
| Apache Tomcat | =9.0.0-milestone23 | |
| Apache Tomcat | =9.0.0-milestone24 | |
| Apache Tomcat | =9.0.0-milestone25 | |
| Apache Tomcat | =9.0.0-milestone26 | |
| Apache Tomcat | =9.0.0-milestone27 | |
| Apache Tomcat | =9.0.0-milestone3 | |
| Apache Tomcat | =9.0.0-milestone4 | |
| Apache Tomcat | =9.0.0-milestone5 | |
| Apache Tomcat | =9.0.0-milestone6 | |
| Apache Tomcat | =9.0.0-milestone7 | |
| Apache Tomcat | =9.0.0-milestone8 | |
| Apache Tomcat | =9.0.0-milestone9 | |
| Apache Tomcat | =10.0.0-milestone1 | |
| Apache Tomcat | =10.0.0-milestone2 | |
| Apache Tomcat | =10.0.0-milestone3 | |
| Apache Tomcat | =10.0.0-milestone4 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.1 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Oracle Agile Engineering Data Management | =6.2.1.0 | |
| Oracle Agile PLM | =9.3.3 | |
| Oracle Agile PLM | =9.3.5 | |
| Oracle Agile PLM | =9.3.6 | |
| Oracle Communications Cloud Native Core Binding Support Function | =1.10.0 | |
| Oracle Communications Cloud Native Core Policy | =1.14.0 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0.0<=8.4.0.5 | |
| Oracle Communications Element Manager | >=8.2.0<=8.2.2 | |
| Oracle Communications Instant Messaging Server | =10.0.1.4.0 | |
| Oracle Communications Session Report Manager | >=8.2.0<=8.2.2 | |
| Oracle Communications Session Route Manager | >=8.2.0<=8.2.2 | |
| Oracle Database | =12.2.0.1 | |
| Oracle Database | =19c | |
| Oracle Database | =21c | |
| Oracle Fmw Platform | =12.2.1.3.0 | |
| Oracle Fmw Platform | =12.2.1.4.0 | |
| Oracle Hospitality Guest Access | =4.2.0 | |
| Oracle Hospitality Guest Access | =4.2.1 | |
| Oracle Instantis Enterprisetrack | >=17.1<=17.3 | |
| Oracle Managed File Transfer | =12.2.1.3.0 | |
| Oracle Managed File Transfer | =12.2.1.4.0 | |
| Oracle Mysql Enterprise Monitor | <=8.0.21 | |
| Oracle Retail Order Broker | =15.0 | |
| Oracle Siebel Apps - Marketing | <=21.9 | |
| Oracle Siebel Ui Framework | <=20.12 | |
| Oracle Transportation Management | =6.3.7 | |
| Oracle Workload Manager | =12.2.0.1 | |
| Oracle Workload Manager | =18c | |
| Oracle Workload Manager | =19c | |
| McAfee ePolicy Orchestrator | =5.9.0 | |
| McAfee ePolicy Orchestrator | =5.9.1 | |
| McAfee ePolicy Orchestrator | =5.10.0 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
| McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
| IBM Data Risk Manager | <=2.0.6 | |
| debian/tomcat9 | 9.0.43-2~deb11u10 9.0.70-2 9.0.95-1 |
Remedy
Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized. For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-9484 https://nvd.nist.gov/vuln/detail/CVE-2020-9484 http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55 http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35
- https://bugzilla.redhat.com/show_bug.cgi?id=1838332
- https://access.redhat.com/errata/RHSA-2020:2529
- https://access.redhat.com/errata/RHSA-2020:2530
- https://access.redhat.com/errata/RHSA-2021:3140
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/errata/RHSA-2020:2487
- https://access.redhat.com/errata/RHSA-2020:2483
- https://access.redhat.com/errata/RHSA-2020:2506
- https://access.redhat.com/errata/RHSA-2020:2509
- https://access.redhat.com/errata/RHSA-2020:3017
- https://access.redhat.com/security/cve/CVE-2020-9484
- https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html
- https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html
- https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E
- https://security.netapp.com/advisory/ntap-20200528-0005/
- https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
- http://seclists.org/fulldisclosure/2020/Jun/6
- http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
- https://security.gentoo.org/glsa/202006-21
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
- https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.debian.org/security/2020/dsa-4727
- https://usn.ubuntu.com/4448-1/
- https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://usn.ubuntu.com/4596-1/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/03/01/2
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2020-9484
- https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b
- https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222
- https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f
- https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E
- http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5
- http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1838964
- https://access.redhat.com/security/cve/cve-2020-9484
- https://nvd.nist.gov/vuln/detail/CVE-2020-9484
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222.patch
- https://bugzilla.suse.com/show_bug.cgi?id=1171928
- https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453
- https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4
- https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5
- https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35
- https://tomcat.apache.org/security-9.html
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-7.html
- https://tomcat.apache.org/security-10.html
- https://security.netapp.com/advisory/ntap-20200528-0005
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ
- https://usn.ubuntu.com/4448-1
- https://usn.ubuntu.com/4596-1
- https://github.com/advisories/GHSA-344f-f5vg-2jfj (Advisory)
- https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E
- https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
- https://security-tracker.debian.org/tracker/CVE-2020-9484
- https://exchange.xforce.ibmcloud.com/vulnerabilities/182231
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484
- https://ubuntu.com/security/CVE-2020-9484
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-9484
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-344f-f5vg-2jfj
- collector/github-advisory
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- package-manager/maven
- vendor/apache
- canonical/apache tomcat
- version/apache tomcat/7.0.0
- version/apache tomcat/8.5.0
- version/apache tomcat/9.0.1
- version/apache tomcat/9.0.0-milestone1
- version/apache tomcat/9.0.0-milestone10
- version/apache tomcat/9.0.0-milestone11
- version/apache tomcat/9.0.0-milestone12
- version/apache tomcat/9.0.0-milestone13
- version/apache tomcat/9.0.0-milestone14
- version/apache tomcat/9.0.0-milestone15
- version/apache tomcat/9.0.0-milestone16
- version/apache tomcat/9.0.0-milestone17
- version/apache tomcat/9.0.0-milestone18
- version/apache tomcat/9.0.0-milestone19
- version/apache tomcat/9.0.0-milestone2
- version/apache tomcat/9.0.0-milestone20
- version/apache tomcat/9.0.0-milestone21
- version/apache tomcat/9.0.0-milestone22
- version/apache tomcat/9.0.0-milestone23
- version/apache tomcat/9.0.0-milestone24
- version/apache tomcat/9.0.0-milestone25
- version/apache tomcat/9.0.0-milestone26
- version/apache tomcat/9.0.0-milestone27
- version/apache tomcat/9.0.0-milestone3
- version/apache tomcat/9.0.0-milestone4
- version/apache tomcat/9.0.0-milestone5
- version/apache tomcat/9.0.0-milestone6
- version/apache tomcat/9.0.0-milestone7
- version/apache tomcat/9.0.0-milestone8
- version/apache tomcat/9.0.0-milestone9
- version/apache tomcat/10.0.0-milestone1
- version/apache tomcat/10.0.0-milestone2
- version/apache tomcat/10.0.0-milestone3
- version/apache tomcat/10.0.0-milestone4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/20.04
- vendor/oracle
- canonical/oracle agile engineering data management
- version/oracle agile engineering data management/6.2.1.0
- canonical/oracle agile plm
- version/oracle agile plm/9.3.3
- version/oracle agile plm/9.3.5
- version/oracle agile plm/9.3.6
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/1.10.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0.0
- version/oracle communications diameter signaling router/8.4.0.5
- canonical/oracle communications element manager
- version/oracle communications element manager/8.2.0
- version/oracle communications element manager/8.2.2
- canonical/oracle communications instant messaging server
- version/oracle communications instant messaging server/10.0.1.4.0
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.2.0
- version/oracle communications session report manager/8.2.2
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.2.0
- version/oracle communications session route manager/8.2.2
- canonical/oracle database
- version/oracle database/12.2.0.1
- version/oracle database/19c
- version/oracle database/21c
- canonical/oracle fmw platform
- version/oracle fmw platform/12.2.1.3.0
- version/oracle fmw platform/12.2.1.4.0
- canonical/oracle hospitality guest access
- version/oracle hospitality guest access/4.2.0
- version/oracle hospitality guest access/4.2.1
- canonical/oracle instantis enterprisetrack
- version/oracle instantis enterprisetrack/17.1
- version/oracle instantis enterprisetrack/17.3
- canonical/oracle managed file transfer
- version/oracle managed file transfer/12.2.1.3.0
- version/oracle managed file transfer/12.2.1.4.0
- canonical/oracle mysql enterprise monitor
- version/oracle mysql enterprise monitor/8.0.21
- canonical/oracle retail order broker
- version/oracle retail order broker/15.0
- canonical/oracle siebel apps - marketing
- version/oracle siebel apps - marketing/21.9
- canonical/oracle siebel ui framework
- version/oracle siebel ui framework/20.12
- canonical/oracle transportation management
- version/oracle transportation management/6.3.7
- canonical/oracle workload manager
- version/oracle workload manager/12.2.0.1
- version/oracle workload manager/18c
- version/oracle workload manager/19c
- vendor/mcafee
- canonical/mcafee epolicy orchestrator
- version/mcafee epolicy orchestrator/5.9.0
- version/mcafee epolicy orchestrator/5.9.1
- version/mcafee epolicy orchestrator/5.10.0
- version/mcafee epolicy orchestrator/5.10.0-update_1
- version/mcafee epolicy orchestrator/5.10.0-update_2
- version/mcafee epolicy orchestrator/5.10.0-update_3
- package-manager/debian
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6