FixVibe

// code / spotlight

Apache Tomcat Session-Persistence Advisory

Affected Tomcat runtimes become riskier when FileStore session persistence is enabled.

पकड़

CVE-2020-9484 is a Tomcat deserialization advisory where version alone is not the whole story. The risky shape depends on an affected Tomcat release plus FileStore-backed session persistence and additional attacker-controlled file prerequisites. FixVibe keeps that distinction visible so a dependency match does not read like confirmed remote code execution.

यह कैसे काम करता है

The repo check looks for Tomcat Catalina or embedded-core Maven coordinates in Java build files, including versions referenced through local Maven properties. It also reviews Tomcat `context.xml` and `server.xml` files for PersistentManager plus FileStore session persistence. Version-only matches are reported as version-based advisories; matching configuration strengthens the posture but still does not claim runtime exploitation was proven.

विस्फोट का दायरा

If an affected Tomcat runtime is deployed with FileStore-backed PersistentManager session persistence and the remaining advisory prerequisites are true, attackers may be able to trigger unsafe deserialization through session loading. A repo match should drive a Tomcat upgrade, dependency-tree review, and session persistence configuration review before anyone treats it as confirmed production exposure.

// fixvibe क्या जाँचता है

FixVibe क्या जाँचता है

FixVibe repo scans look for high-confidence security patterns and dependency risk in source context. Reports identify the affected area and recommended fix. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

मज़बूत बचाव

Upgrade the active Tomcat release line to 7.0.104, 8.5.55, 9.0.35, 10.0.0-M5, or newer. Update direct Tomcat artifacts, BOMs, Spring Boot-managed versions, Gradle constraints, or container base images as needed. Remove FileStore-backed PersistentManager session persistence unless required; if retained, configure a strict sessionAttributeValueClassNameFilter and rebuild the deployed WAR, JAR, or image.

// run it on your own app

Ship करते रहें, FixVibe नज़र रखे रहेगा।

FixVibe आपके ऐप की सार्वजनिक सतह को वैसे ही pressure-test करता है जैसे कोई हमलावर करेगा — कोई agent नहीं, कोई install नहीं, कोई card नहीं। हम नए vulnerability पैटर्न पर research करते रहते हैं और उन्हें Cursor, Claude, और Copilot के लिए व्यावहारिक जाँचों और paste-तैयार फ़िक्स में बदलते हैं।

सोर्स कोड
116
इस category में चलाए गए tests
modules
76
समर्पित सोर्स कोड जाँचें
हर scan
487+
सभी categories में tests
  • मुफ़्त — कोई credit card नहीं, कोई install नहीं, कोई Slack ping नहीं
  • बस URL paste करें — हम crawl, probe, और report करते हैं
  • Severity-ग्रेडेड findings, केवल signal तक deduped
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
मुफ़्त scan चलाएँ

// latest checks · practical fixes · ship with confidence

Apache Tomcat Session-Persistence Advisory — Vulnerability स्पॉटलाइट | FixVibe · FixVibe