Home » News » ASF launched new versions of Apache Tomcat web-server to close hazardous vulnerability

ASF launched new versions of Apache Tomcat web-server to close hazardous vulnerability

[Total: 1    Average: 5/5]

Apache Software Foundation (ASF) issued new version of Apache Tomcat web-server for elimination of dangerous vulnerability that enables remote code performance and interception of control over server.

Vulnerability CVE-2019-0232 contains in Common Gateway Interface (CGI) Servlet and manifests on Windows with turned parameter «enableCmdLineArguments». Issue linked with mechanism of Java Runtime Environment (JRE) transition arguments of command line. As in versions Tomcat 9.0 and higher CGI Servlet and «enableCmdLineArguments» option switched off by default, bug is not classified as critical.

Vulnerability involves versions of Apache Tomcat from 9.0.0.M.I.till 9.0.17, Apache Tomcat 8.5.0 till 8.5.39 and Apache Tomcat 7.0.0 till 7.0.93. Versions of Apache Tomcat 9.0.18 and lower, Apache Tomcat 8.5.40 and higher and Apache Tomcat 7.0.94 are not sensitive to a problem.

Successful exploitation of vulnerability allows remotely perform code on Windows-servers that use vulnerable Apache Tomcat version and fully compromise the system.

Issues resolved by launching Tomcat 9.0.19, 8.5.40 and 7.0.93 versions. All users received recommendations to fix issues as soon as possible. If this they do not have this opportunity, recommended to put meaning “false” for «enableCmdLineArguments» parameter.

Source: www.mag-securs.com

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Microsoft IE11 vulnerability is more dangerous than it seemed as browser Edge is also sensitive to it

[Total: 1    Average: 5/5] Researchers noted strange behavior in Windows 10 that can allow …

Iran APT34

Repentant cybercriminal leaked tools of Iranian hackers in Telegram

[Total: 1    Average: 5/5] In the middle of March 2019 hacker that is known …

Leave a Reply