Symantec Security Response, SMNTC-111247
Dec 18, 2019 - 12:00 a.m.

Apache Tomcat CVE-2019-12418 Local Privilege Escalation Vulnerability

www.symantec.com

Description

Apache Tomcat is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges and gain complete control over the server. Apache Tomcat versions 9.0.0.M1 through 9.0.28 are vulnerable.

Technologies Affected

  • Apache Tomcat 9.0.0.M1
  • Apache Tomcat 9.0.0.M10
  • Apache Tomcat 9.0.0.M11
  • Apache Tomcat 9.0.0.M12
  • Apache Tomcat 9.0.0.M13
  • Apache Tomcat 9.0.0.M15
  • Apache Tomcat 9.0.0.M17
  • Apache Tomcat 9.0.0.M18
  • Apache Tomcat 9.0.0.M19
  • Apache Tomcat 9.0.0.M2
  • Apache Tomcat 9.0.0.M20
  • Apache Tomcat 9.0.0.M21
  • Apache Tomcat 9.0.0.M22
  • Apache Tomcat 9.0.0.M3
  • Apache Tomcat 9.0.0.M4
  • Apache Tomcat 9.0.0.M5
  • Apache Tomcat 9.0.0.M7
  • Apache Tomcat 9.0.0.M9
  • Apache Tomcat 9.0.0.M6
  • Apache Tomcat 9.0.0.M8
  • Apache Tomcat 9.0.1
  • Apache Tomcat 9.0.10
  • Apache Tomcat 9.0.12
  • Apache Tomcat 9.0.14
  • Apache Tomcat 9.0.16
  • Apache Tomcat 9.0.17
  • Apache Tomcat 9.0.18
  • Apache Tomcat 9.0.19
  • Apache Tomcat 9.0.20
  • Apache Tomcat 9.0.28
  • Apache Tomcat 9.0.4
  • Apache Tomcat 9.0.5
  • Apache Tomcat 9.0.7
  • Apache Tomcat 9.0.8
  • Apache Tomcat 9.0.9
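
A version check for the range given in the Description (9.0.0.M1 through 9.0.28), as an added example that is not part of the Symantec advisory; it tests the range rather than matching the list, so in-range releases the list does not name, such as 9.0.27, are still caught. The function names, host names and sample inventory are constructed for illustration.

```python
import re

# Range stated in the Description above; only this 9.0.x range is checked.
FIRST_AFFECTED = "9.0.0.M1"
LAST_AFFECTED = "9.0.28"

# Accepts "9.0.28", "9.0.0.M17", a dotless milestone spelling such as
# "9.0.0M6", and an optional "Apache Tomcat" prefix as in a version banner.
_VERSION_RE = re.compile(
    r"(?:Apache Tomcat[/ ])?(\d+)\.(\d+)\.(\d+)(?:\.?M(\d+))?", re.IGNORECASE)
_FINAL = 10**6  # a final release sorts after every milestone of the same x.y.z


def parse_version(text):
    """Return a sortable (major, minor, patch, milestone) tuple, or None."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        return None
    milestone = int(m.group(4)) if m.group(4) else _FINAL
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), milestone)


def in_advisory_range(text):
    """True/False for a parsable version; None if it cannot be parsed."""
    version = parse_version(text)
    if version is None:
        return None  # never report an unparsed version as outside the range
    return parse_version(FIRST_AFFECTED) <= version <= parse_version(LAST_AFFECTED)


def triage(inventory):
    """Map each host to 'in range', 'outside range' or 'unparsed'."""
    labels = {True: "in range", False: "outside range", None: "unparsed"}
    return {host: labels[in_advisory_range(v)] for host, v in inventory.items()}


# Constructed inventory (hypothetical host names, not from the advisory).
SAMPLE_INVENTORY = {
    "app-01": "Apache Tomcat/9.0.27",
    "app-02": "9.0.0M6",
    "app-03": "9.0.29",
    "app-04": "9.0.x-custom",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```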

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the nature of these issues, allow only trusted and accountable individuals to have access.

Updates are available. Please see the references or vendor advisory for more information.