Home » News » ASF launched new versions of Apache Tomcat web-server to close hazardous vulnerability

ASF launched new versions of Apache Tomcat web-server to close hazardous vulnerability

Apache Software Foundation (ASF) issued new version of Apache Tomcat web-server for elimination of dangerous vulnerability that enables remote code performance and interception of control over server.

Vulnerability CVE-2019-0232 contains in Common Gateway Interface (CGI) Servlet and manifests on Windows with turned parameter «enableCmdLineArguments». Issue linked with mechanism of Java Runtime Environment (JRE) transition arguments of command line. As in versions Tomcat 9.0 and higher CGI Servlet and «enableCmdLineArguments» option switched off by default, bug is not classified as critical.

Vulnerability involves versions of Apache Tomcat from 9.0.0.M.I.till 9.0.17, Apache Tomcat 8.5.0 till 8.5.39 and Apache Tomcat 7.0.0 till 7.0.93. Versions of Apache Tomcat 9.0.18 and lower, Apache Tomcat 8.5.40 and higher and Apache Tomcat 7.0.94 are not sensitive to a problem.

Successful exploitation of vulnerability allows remotely perform code on Windows-servers that use vulnerable Apache Tomcat version and fully compromise the system.

Issues resolved by launching Tomcat 9.0.19, 8.5.40 and 7.0.93 versions. All users received recommendations to fix issues as soon as possible. If this they do not have this opportunity, recommended to put meaning “false” for «enableCmdLineArguments» parameter.

Source: www.mag-securs.com

[Total: 1    Average: 5/5]
READ  Cisco Talos: Cybercriminals like Dr. Frankenstein collect malware for attacks from disparate components

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Oracle WebLogic Vulnerability

Oracle has released an urgent patch to eliminate critical vulnerabilities in WebLogic Server

The company said that an unknown group of cybercriminals in real attacks is already actively …

Vulnerabilities in MMC allow taking control over the system

The Microsoft Management Console (MMC), used by system administrators to configure and track system performance, …

Leave a Reply