[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2019-12418 -- tomcat7, tomcat9, tomcat8

ID: oval:org.secpod.oval:def:2005276Date: (C)2020-10-22   (M)2024-02-19
Class: VULNERABILITYFamily: unix




When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

Platform:
Debian 10.x
Debian 9.x
Product:
tomcat7
tomcat8
tomcat9
Reference:
CVE-2019-12418
CVE    1
CVE-2019-12418
CPE    6
cpe:/o:debian:debian_linux:10.x
cpe:/o:debian:debian_linux:9.0
cpe:/a:apache:tomcat9
cpe:/o:debian:debian_linux:9.x
...

© SecPod Technologies