E20-15qk1
CVSS: 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive: f
Variants: 9
Year: 2020
Description
An insecure deserialization vulnerability exists in Apache Tomcat.
The vulnerability is due to insufficient validation of a cached session file before deserialization.
An attacker can exploit this vulnerability by crafting a malicious HTTP request.
Successful exploitation results in full control of the target server.