cvelist/2019/12xxx/CVE-2019-12418.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-12418",
        "ASSIGNER": "security@apache.org",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Apache Software Foundation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Tomcat",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "9.0.0.M1 to 9.0.28"
                                        },
                                        {
                                            "version_value": "8.5.0 to 8.5.47"
                                        },
                                        {
                                            "version_value": "7.0.0 to 7.0.97"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Local Privilege Escalation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "name": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E",
                "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4596",
                "url": "https://www.debian.org/security/2019/dsa-4596"
            },
            {
                "refsource": "BUGTRAQ",
                "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
                "url": "https://seclists.org/bugtraq/2019/Dec/43"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20200107-0001/",
                "url": "https://security.netapp.com/advisory/ntap-20200107-0001/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp;utm_medium=RSS",
                "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp;utm_medium=RSS"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:0038",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"
            },
            {
                "refsource": "UBUNTU",
                "name": "USN-4251-1",
                "url": "https://usn.ubuntu.com/4251-1/"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202003-43",
                "url": "https://security.gentoo.org/glsa/202003-43"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update",
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4680",
                "url": "https://www.debian.org/security/2020/dsa-4680"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."
            }
        ]
    }
}
"-Synchronized-Data." 2019-05-28 22:00:48 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2019-12418",`
			`"ASSIGNER": "security@apache.org",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`},`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"vendor_name": "Apache Software Foundation",`
			`"product": {`
			`"product_data": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"product_name": "Apache Tomcat",`
			`"version": {`
			`"version_data": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"version_value": "9.0.0.M1 to 9.0.28"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"version_value": "8.5.0 to 8.5.47"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"version_value": "7.0.0 to 7.0.97"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"problemtype": {`
			`"problemtype_data": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"description": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"lang": "eng",`
			`"value": "Local Privilege Escalation"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`}`
			`]`
			`}`
			`]`
			`},`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"references": {`
			`"reference_data": [`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "CONFIRM",`
			`"name": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E",`
			`"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"`
"-Synchronized-Data." 2019-12-28 18:01:00 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "DEBIAN",`
			`"name": "DSA-4596",`
			`"url": "https://www.debian.org/security/2019/dsa-4596"`
"-Synchronized-Data." 2019-12-30 09:01:01 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "BUGTRAQ",`
			`"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",`
			`"url": "https://seclists.org/bugtraq/2019/Dec/43"`
"-Synchronized-Data." 2020-01-07 08:01:05 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "CONFIRM",`
			`"name": "https://security.netapp.com/advisory/ntap-20200107-0001/",`
			`"url": "https://security.netapp.com/advisory/ntap-20200107-0001/"`
"-Synchronized-Data." 2020-01-07 09:01:05 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "CONFIRM",`
			`"name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS",`
			`"url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"`
"-Synchronized-Data." 2020-01-14 01:01:08 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:0038",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"`
"-Synchronized-Data." 2020-01-28 01:01:07 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"`
"-Synchronized-Data." 2020-01-29 03:01:13 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "UBUNTU",`
			`"name": "USN-4251-1",`
			`"url": "https://usn.ubuntu.com/4251-1/"`
"-Synchronized-Data." 2020-02-03 12:01:12 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",`
			`"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"`
"-Synchronized-Data." 2020-02-03 12:01:12 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",`
			`"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"`
"-Synchronized-Data." 2020-02-13 17:01:10 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",`
			`"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"`
"-Synchronized-Data." 2020-02-13 17:01:10 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",`
			`"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"`
"-Synchronized-Data." 2020-02-13 17:01:35 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",`
			`"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"`
"-Synchronized-Data." 2020-03-19 20:01:14 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "GENTOO",`
			`"name": "GLSA-202003-43",`
			`"url": "https://security.gentoo.org/glsa/202003-43"`
"-Synchronized-Data." 2020-03-24 16:01:27 +00:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"`
Bill Situ <Bill.Situ@Oracle.com> On branch cna/Oracle/CPU2020Apr3rdparty Changes to be committed: modified: 2015/0xxx/CVE-2015-0254.json modified: 2015/1xxx/CVE-2015-1832.json modified: 2015/3xxx/CVE-2015-3253.json modified: 2015/7xxx/CVE-2015-7940.json modified: 2015/9xxx/CVE-2015-9251.json modified: 2016/0xxx/CVE-2016-0701.json modified: 2016/1000xxx/CVE-2016-1000031.json modified: 2016/10xxx/CVE-2016-10244.json modified: 2016/10xxx/CVE-2016-10251.json modified: 2016/10xxx/CVE-2016-10328.json modified: 2016/2xxx/CVE-2016-2183.json modified: 2016/2xxx/CVE-2016-2381.json modified: 2016/3xxx/CVE-2016-3092.json modified: 2016/4xxx/CVE-2016-4000.json modified: 2016/4xxx/CVE-2016-4463.json modified: 2016/6xxx/CVE-2016-6306.json modified: 2016/6xxx/CVE-2016-6489.json modified: 2016/7xxx/CVE-2016-7103.json modified: 2016/8xxx/CVE-2016-8610.json modified: 2017/12xxx/CVE-2017-12626.json modified: 2017/13xxx/CVE-2017-13745.json modified: 2017/14xxx/CVE-2017-14232.json modified: 2017/14xxx/CVE-2017-14735.json modified: 2017/15xxx/CVE-2017-15706.json modified: 2017/3xxx/CVE-2017-3160.json modified: 2017/5xxx/CVE-2017-5130.json modified: 2017/5xxx/CVE-2017-5529.json modified: 2017/5xxx/CVE-2017-5533.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2017/5xxx/CVE-2017-5754.json modified: 2017/7xxx/CVE-2017-7857.json modified: 2017/7xxx/CVE-2017-7858.json modified: 2017/7xxx/CVE-2017-7864.json modified: 2017/8xxx/CVE-2017-8105.json modified: 2017/8xxx/CVE-2017-8287.json modified: 2018/0xxx/CVE-2018-0732.json modified: 2018/0xxx/CVE-2018-0734.json modified: 2018/0xxx/CVE-2018-0737.json modified: 2018/1000xxx/CVE-2018-1000180.json modified: 2018/1000xxx/CVE-2018-1000613.json modified: 2018/1000xxx/CVE-2018-1000632.json modified: 2018/1000xxx/CVE-2018-1000873.json modified: 2018/10xxx/CVE-2018-10237.json modified: 2018/11xxx/CVE-2018-11054.json modified: 2018/11xxx/CVE-2018-11055.json modified: 2018/11xxx/CVE-2018-11056.json modified: 2018/11xxx/CVE-2018-11057.json modified: 2018/11xxx/CVE-2018-11058.json modified: 2018/11xxx/CVE-2018-11307.json modified: 2018/11xxx/CVE-2018-11775.json modified: 2018/11xxx/CVE-2018-11784.json modified: 2018/11xxx/CVE-2018-11797.json modified: 2018/12xxx/CVE-2018-12022.json modified: 2018/12xxx/CVE-2018-12023.json modified: 2018/14xxx/CVE-2018-14718.json modified: 2018/14xxx/CVE-2018-14719.json modified: 2018/14xxx/CVE-2018-14720.json modified: 2018/14xxx/CVE-2018-14721.json modified: 2018/15xxx/CVE-2018-15756.json modified: 2018/15xxx/CVE-2018-15769.json modified: 2018/17xxx/CVE-2018-17197.json modified: 2018/18xxx/CVE-2018-18227.json modified: 2018/18xxx/CVE-2018-18311.json modified: 2018/18xxx/CVE-2018-18873.json modified: 2018/19xxx/CVE-2018-19139.json modified: 2018/19xxx/CVE-2018-19360.json modified: 2018/19xxx/CVE-2018-19361.json modified: 2018/19xxx/CVE-2018-19362.json modified: 2018/19xxx/CVE-2018-19539.json modified: 2018/19xxx/CVE-2018-19540.json modified: 2018/19xxx/CVE-2018-19541.json modified: 2018/19xxx/CVE-2018-19542.json modified: 2018/19xxx/CVE-2018-19543.json modified: 2018/19xxx/CVE-2018-19622.json modified: 2018/19xxx/CVE-2018-19623.json modified: 2018/19xxx/CVE-2018-19624.json modified: 2018/19xxx/CVE-2018-19625.json modified: 2018/19xxx/CVE-2018-19626.json modified: 2018/19xxx/CVE-2018-19627.json modified: 2018/19xxx/CVE-2018-19628.json modified: 2018/1xxx/CVE-2018-1165.json modified: 2018/1xxx/CVE-2018-1258.json modified: 2018/1xxx/CVE-2018-1304.json modified: 2018/1xxx/CVE-2018-1305.json modified: 2018/1xxx/CVE-2018-1320.json modified: 2018/1xxx/CVE-2018-1336.json modified: 2018/20xxx/CVE-2018-20346.json modified: 2018/20xxx/CVE-2018-20506.json modified: 2018/20xxx/CVE-2018-20570.json modified: 2018/20xxx/CVE-2018-20584.json modified: 2018/20xxx/CVE-2018-20622.json modified: 2018/20xxx/CVE-2018-20843.json modified: 2018/20xxx/CVE-2018-20852.json modified: 2018/5xxx/CVE-2018-5407.json modified: 2018/5xxx/CVE-2018-5711.json modified: 2018/5xxx/CVE-2018-5712.json modified: 2018/6xxx/CVE-2018-6942.json modified: 2018/8xxx/CVE-2018-8014.json modified: 2018/8xxx/CVE-2018-8032.json modified: 2018/8xxx/CVE-2018-8034.json modified: 2018/8xxx/CVE-2018-8036.json modified: 2018/8xxx/CVE-2018-8037.json modified: 2018/8xxx/CVE-2018-8039.json modified: 2018/9xxx/CVE-2018-9055.json modified: 2018/9xxx/CVE-2018-9154.json modified: 2018/9xxx/CVE-2018-9252.json modified: 2019/0xxx/CVE-2019-0196.json modified: 2019/0xxx/CVE-2019-0197.json modified: 2019/0xxx/CVE-2019-0199.json modified: 2019/0xxx/CVE-2019-0211.json modified: 2019/0xxx/CVE-2019-0215.json modified: 2019/0xxx/CVE-2019-0217.json modified: 2019/0xxx/CVE-2019-0220.json modified: 2019/0xxx/CVE-2019-0221.json modified: 2019/0xxx/CVE-2019-0222.json modified: 2019/0xxx/CVE-2019-0227.json modified: 2019/0xxx/CVE-2019-0228.json modified: 2019/0xxx/CVE-2019-0232.json modified: 2019/1010xxx/CVE-2019-1010238.json modified: 2019/10xxx/CVE-2019-10072.json modified: 2019/10xxx/CVE-2019-10081.json modified: 2019/10xxx/CVE-2019-10082.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10088.json modified: 2019/10xxx/CVE-2019-10092.json modified: 2019/10xxx/CVE-2019-10093.json modified: 2019/10xxx/CVE-2019-10094.json modified: 2019/10xxx/CVE-2019-10097.json modified: 2019/10xxx/CVE-2019-10098.json modified: 2019/10xxx/CVE-2019-10173.json modified: 2019/10xxx/CVE-2019-10246.json modified: 2019/10xxx/CVE-2019-10247.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/12xxx/CVE-2019-12086.json modified: 2019/12xxx/CVE-2019-12384.json modified: 2019/12xxx/CVE-2019-12387.json modified: 2019/12xxx/CVE-2019-12402.json modified: 2019/12xxx/CVE-2019-12406.json modified: 2019/12xxx/CVE-2019-12415.json modified: 2019/12xxx/CVE-2019-12418.json modified: 2019/12xxx/CVE-2019-12419.json modified: 2019/12xxx/CVE-2019-12855.json modified: 2019/13xxx/CVE-2019-13057.json modified: 2019/13xxx/CVE-2019-13565.json modified: 2019/13xxx/CVE-2019-13990.json modified: 2019/14xxx/CVE-2019-14379.json modified: 2019/14xxx/CVE-2019-14439.json modified: 2019/14xxx/CVE-2019-14540.json modified: 2019/14xxx/CVE-2019-14821.json modified: 2019/14xxx/CVE-2019-14889.json modified: 2019/15xxx/CVE-2019-15161.json modified: 2019/15xxx/CVE-2019-15162.json modified: 2019/15xxx/CVE-2019-15163.json modified: 2019/15xxx/CVE-2019-15164.json modified: 2019/15xxx/CVE-2019-15165.json modified: 2019/15xxx/CVE-2019-15601.json modified: 2019/15xxx/CVE-2019-15604.json modified: 2019/15xxx/CVE-2019-15605.json modified: 2019/15xxx/CVE-2019-15606.json modified: 2019/15xxx/CVE-2019-15903.json modified: 2019/16xxx/CVE-2019-16056.json modified: 2019/16xxx/CVE-2019-16168.json modified: 2019/16xxx/CVE-2019-16335.json modified: 2019/16xxx/CVE-2019-16942.json modified: 2019/16xxx/CVE-2019-16943.json modified: 2019/17xxx/CVE-2019-17091.json modified: 2019/17xxx/CVE-2019-17195.json modified: 2019/17xxx/CVE-2019-17359.json modified: 2019/17xxx/CVE-2019-17531.json modified: 2019/17xxx/CVE-2019-17563.json modified: 2019/17xxx/CVE-2019-17571.json modified: 2019/18xxx/CVE-2019-18197.json modified: 2019/19xxx/CVE-2019-19242.json modified: 2019/19xxx/CVE-2019-19244.json modified: 2019/19xxx/CVE-2019-19269.json modified: 2019/19xxx/CVE-2019-19317.json modified: 2019/19xxx/CVE-2019-19553.json modified: 2019/19xxx/CVE-2019-19603.json modified: 2019/19xxx/CVE-2019-19645.json modified: 2019/19xxx/CVE-2019-19646.json modified: 2019/19xxx/CVE-2019-19880.json modified: 2019/19xxx/CVE-2019-19923.json modified: 2019/19xxx/CVE-2019-19924.json modified: 2019/19xxx/CVE-2019-19925.json modified: 2019/19xxx/CVE-2019-19926.json modified: 2019/19xxx/CVE-2019-19959.json modified: 2019/1xxx/CVE-2019-1543.json modified: 2019/1xxx/CVE-2019-1547.json modified: 2019/1xxx/CVE-2019-1549.json modified: 2019/1xxx/CVE-2019-1552.json modified: 2019/1xxx/CVE-2019-1563.json modified: 2019/20xxx/CVE-2019-20218.json modified: 2019/20xxx/CVE-2019-20330.json modified: 2019/5xxx/CVE-2019-5427.json modified: 2019/5xxx/CVE-2019-5435.json modified: 2019/5xxx/CVE-2019-5436.json modified: 2019/5xxx/CVE-2019-5443.json modified: 2019/5xxx/CVE-2019-5481.json modified: 2019/5xxx/CVE-2019-5482.json modified: 2019/8xxx/CVE-2019-8457.json modified: 2019/9xxx/CVE-2019-9517.json modified: 2020/5xxx/CVE-2020-5397.json modified: 2020/5xxx/CVE-2020-5398.json modified: 2020/7xxx/CVE-2020-7044.json modified: 2020/8xxx/CVE-2020-8840.json 2020-04-14 14:04:09 -07:00			`},`
			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",`
			`"refsource": "MISC",`
			`"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"`
"-Synchronized-Data." 2020-05-07 13:01:13 +00:00			`},`
			`{`
			`"refsource": "DEBIAN",`
			`"name": "DSA-4680",`
			`"url": "https://www.debian.org/security/2020/dsa-4680"`
"-Synchronized-Data." 2019-12-23 18:01:06 +00:00			`}`
			`]`
"-Synchronized-Data." 2019-05-28 22:00:48 +00:00			`},`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"description": {`
			`"description_data": [`
"-Synchronized-Data." 2019-05-28 22:00:48 +00:00			`{`
"-Synchronized-Data." 2020-04-16 19:02:24 +00:00			`"lang": "eng",`
			`"value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."`
"-Synchronized-Data." 2019-05-28 22:00:48 +00:00			`}`
			`]`
			`}`
			`}`