CVE-2019-12418 – tomcat: local privilege escalation
https://notcve.org/view.php?id=CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. Cuando Apache Tomcat 9.0.0.M1 hasta 9.0.28, 8.5.0 hasta 8.5.47, 7.0.0 y 7.0.97, es configurado con JMX Remote Lifecycle Listener, un atacante local sin acceso al proceso de Tomcat o a archivos de configuración es capaz de manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle para capturar nombres de usuario y contraseñas utilizados para acceder a la interfaz de JMX. El atacante puede usar estas credenciales para acceder a la interfaz de JMX y conseguir un control completo sobre la instancia de Tomcat. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E https • CWE-284: Improper Access Control •
CVE-2019-17563 – tomcat: Session fixation when using FORM authentication
https://notcve.org/view.php?id=CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Cuando se usa la autenticación FORM con Apache Tomcat 9.0.0.M1 hasta 9.0.29, 8.5.0 hasta 8.5.49 y 7.0.0 hasta 7.0.98, había una ventana estrecha donde un atacante podía llevar a cabo un ataque de fijación de sesión. La ventana fue considerada demasiado estrecha para que una explotación sea práctica, pero, por precaución, este problema ha sido tratado como una vulnerabilidad de seguridad. It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E https • CWE-384: Session Fixation •
CVE-2019-10072 – Apache Tomcat reserveWindowSize Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-10072
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. La solución para el CVE-2019-0199 estaba incompleta y no abordaba el agotamiento de la ventana de conexión HTTP/2 al escribir en de Apache Tomcat versiones desde 9.0.0.M1 hasta 9.0.19 y 8.5.0 hasta 8.5.40. Al no enviar mensajes de WINDOW_UPDATE para la ventana de conexión (stream 0), los clientes fueron habilitados para causar que los hilos (subprocesos) del lado del servidor se bloquearan eventualmente conllevando al agotamiento del hilo (subproceso) y a una DoS. This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Apache Tomcat. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html http://www.securityfocus.com/bid/108874 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14 • CWE-400: Uncontrolled Resource Consumption CWE-667: Improper Locking •
CVE-2019-0221 – Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. El comando printenv de SSI en Apache Tomcat versión 9.0.0.M1 hasta 9.0.0.17, versión 8.5.0 hasta 8.5.39 y versión 7.0.0 hasta 7.0.93, hace eco de los datos suministrados por el usuario sin escapar, y en consecuencia, es vulnerable a XSS. SSI está deshabilitado por defecto. • https://www.exploit-db.com/exploits/50119 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/May/50 http://www.securityfocus.com/bid/108545 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://lists.apache& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/09/01/4 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.re •