23 matches found
EUVD-2019-0793
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access t...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)
The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to...
Debian DLA-2155-1 : tomcat8 security update
Tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacke...
tomcat: local privilege escalation
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
tomcat: local privilege escalation
A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker...
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1136)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker...
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.
Summary IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat. Vulnerability Details CVEID: CVE-2019-12418 DESCRIPTION: Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a fla...
Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4251-1 advisory. It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibl...
[SECURITY] [DLA 2077-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...
USN-4251-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibly use this issue to obtain credentials and gain complete control over the Tomcat instance. CVE-2019-12418 It was discovered that Tomcat...
Amazon Linux AMI : tomcat8 (ALAS-2020-1337)
The version of tomcat8 installed on the remote host is prior to 8.5.50-1.82. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1337 advisory. When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle...
Medium: tomcat8
Issue Overview: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack ...
Insufficiently Protected Credentials in Apache Tomcat
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
GHSA-HH3J-X4MC-G48R Insufficiently Protected Credentials in Apache Tomcat
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
Design/Logic Flaw
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user...
Privilege Escalation
Tomcat-catalina is vulnerable to privilege escalation. When JMX Remote Lifecycle Listener is used to configure Tomcat, a local attack is possible to access Tomcat process or configuration files and manipulate RMI registry, thereby allowing the attacker to act as man-in-the-middle MitM to steal th...