{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12418",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.28"
},
{
"version_value": "8.5.0 to 8.5.47"
},
{
"version_value": "7.0.0 to 7.0.97"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E",
"url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"
},
{
"refsource": "DEBIAN",
"name": "DSA-4596",
"url": "https://www.debian.org/security/2019/dsa-4596"
},
{
"refsource": "BUGTRAQ",
"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
"url": "https://seclists.org/bugtraq/2019/Dec/43"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200107-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200107-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0038",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4251-1",
"url": "https://usn.ubuntu.com/4251-1/"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-43",
"url": "https://security.gentoo.org/glsa/202003-43"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4680",
"url": "https://www.debian.org/security/2020/dsa-4680"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 to 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."
}
]
}
}