{"containers": {"cna": {"affected": [{"product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "9.0.0.M1 to 9.0.28"}, {"status": "affected", "version": "8.5.0 to 8.5.47"}, {"status": "affected", "version": "7.0.0 to 7.0.97"}]}], "descriptions": [{"lang": "en", "value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-07T12:06:07", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "DSA-4596", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4596"}, {"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/43"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "openSUSE-SU-2020:0038", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"}, {"name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"}, {"name": "USN-4251-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4251-1/"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202003-43", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-43"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "DSA-4680", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4680"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-12418", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tomcat", "version": {"version_data": [{"version_value": "9.0.0.M1 to 9.0.28"}, {"version_value": "8.5.0 to 8.5.47"}, {"version_value": "7.0.0 to 7.0.97"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E", "refsource": "CONFIRM", "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "DSA-4596", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4596"}, {"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/43"}, {"name": "https://security.netapp.com/advisory/ntap-20200107-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200107-0001/"}, {"name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS"}, {"name": "openSUSE-SU-2020:0038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"}, {"name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"}, {"name": "USN-4251-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4251-1/"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202003-43", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-43"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "DSA-4680", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4680"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:17:40.118Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"}, {"name": "DSA-4596", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4596"}, {"name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/43"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "openSUSE-SU-2020:0038", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"}, {"name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"}, {"name": "USN-4251-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4251-1/"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"name": "GLSA-202003-43", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-43"}, {"name": "[debian-lts-announce] 20200324 [SECURITY] [DLA 2155-1] tomcat8 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "DSA-4680", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4680"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-12418", "datePublished": "2019-12-23T17:12:43", "dateReserved": "2019-05-28T00:00:00", "dateUpdated": "2024-08-04T23:17:40.118Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EF204D4-F525-4391-8BE2-8E110F2CC98F", "versionEndIncluding": "7.0.97", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF454438-4732-4232-9BEE-DFAFA6E355F7", "versionEndIncluding": "8.5.47", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "B511668B-A02B-4D1D-A8F5-EF9F6F086283", "versionEndIncluding": "9.0.28", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*", "matchCriteriaId": "630C8E99-FE49-486E-9003-40B82809B7A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*", "matchCriteriaId": "C842DE9E-5E12-4295-AFA5-DEB5FEDE490A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance."}, {"lang": "es", "value": "Cuando Apache Tomcat 9.0.0.M1 hasta 9.0.28, 8.5.0 hasta 8.5.47, 7.0.0 y 7.0.97, es configurado con JMX Remote Lifecycle Listener, un atacante local sin acceso al proceso de Tomcat o a archivos de configuraci\u00f3n es capaz de manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle para capturar nombres de usuario y contrase\u00f1as utilizados para acceder a la interfaz de JMX. El atacante puede usar estas credenciales para acceder a la interfaz de JMX y conseguir un control completo sobre la instancia de Tomcat."}], "id": "CVE-2019-12418", "lastModified": "2023-11-07T03:03:34.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-23T18:15:10.753", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/43"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-43"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200107-0001/"}, {"source": "security@apache.org", "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4251-1/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4596"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4680"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0860", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "package": "tomcat", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat7-0:7.0.70-38.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat8-0:8.0.36-42.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat7-0:7.0.70-38.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat8-0:8.0.36-42.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0861", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat-native-0:1.2.23-21.redhat_21.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6", "package": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 6", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6", "package": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 6", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7", "package": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 7", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7", "package": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 7", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8", "package": "jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 8", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1520", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8", "package": "jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws", "product_name": "Red Hat JBoss Web Server 5.3 on RHEL 8", "release_date": "2020-04-21T00:00:00Z"}, {"advisory": "RHSA-2020:1521", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.3", "package": "tomcat", "product_name": "Red Hat JBoss Web Server (JWS) 5.3", "release_date": "2020-04-21T00:00:00Z"}], "bugzilla": {"description": "tomcat: local privilege escalation", "id": "1785699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785699"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.", "A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could then capture user names and passwords used to access the JMX interface and gain complete control over the Tomcat instance."], "mitigation": {"lang": "en:us", "value": "Disable JMX Remote if monitoring is only needed locally and there is no need to monitor Tomcat remotely. If JMX Remote is required and cannot be disabled, then use the built-in remote JMX facilities provided by the JVM.\nPlease note that JMX Remote Lifecycle Listener is now deprecated and may be removed from both Tomcat 7 [1] and Tomcat 9 [2] after 2020-12-31.\n[1] https://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Deprecated_Implementations\n[2] https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Deprecated_Implementations"}, "name": "CVE-2019-12418", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:6", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "tomcat5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tomcat6", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Out of support scope", "package_name": "tomcat", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-java-common-tomcat", "product_name": "Red Hat Software Collections"}], "public_date": "2019-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12418\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12418\nhttp://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99"], "statement": "This flaw did not affect the versions of tomcat as shipped with Red Hat Enterprise Linux 5, as they did not include JMX Remote Lifecycle Listener, which was introduced in a later version of the package.", "threat_severity": "Moderate", "upstream_fix": "tomcat 7.0.98, tomcat 8.5.48, tomcat 9.0.29"}