37 matches found
EUVD-2019-0793
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access t...
Apache Tomcat 9.0.0.M1 < 9.0.29 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.29. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.29_security-9 advisory. - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)
The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...
org.sakaiproject:sakai-dav-server (>=10.3 <=10.7), org.testatoo.container:testatoo-container-tomcat (>=1.0-rc1 <=1.0-rc2) potentially affected by CVE-2016-8735 via org.apache.tomcat:tomcat-catalina-jmx-remote (>=7.0.5 <=7.0.65)
org.apache.tomcat:tomcat-catalina-jmx-remote MAVEN version =7.0.5, =10.3, =1.0-rc1, =1.0-rc2 Source cves: CVE-2016-8735 Source advisory: OSV:GHSA-CW54-59PW-4G8C...
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to...
BSA-2020-1044
Security Advisory ID : BSA-2020-1044 Component : Apache Tomcat Revision : 1.0: Final When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able ...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-1645)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections ...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2020-1438)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections ...
CVE-2019-12418
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
Debian: Security Advisory (DLA-2155-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DLA-2155-1 : tomcat8 security update
Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacke...
tomcat: local privilege escalation
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker...
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1136)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker...
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2019-12418 DESCRIPTION: Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a fla...
Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4251-1 advisory. It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibl...
[SECURITY] [DLA 2077-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...