ASF releases new versions of Apache Tomcat web server to close a dangerous vulnerability

The Apache Software Foundation (ASF) has released new versions of the Apache Tomcat web server to eliminate a dangerous vulnerability that enables remote code execution and allows an attacker to take control of the server.

The vulnerability, CVE-2019-0232, is in the Common Gateway Interface (CGI) Servlet and manifests on Windows when the «enableCmdLineArguments» parameter is turned on. The issue is linked to the way the Java Runtime Environment (JRE) passes command-line arguments. Because in Tomcat 9.0 and higher the CGI Servlet and the «enableCmdLineArguments» option are switched off by default, the bug is not classified as critical.

The vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.17, Apache Tomcat 8.5.0 to 8.5.39 and Apache Tomcat 7.0.0 to 7.0.93. Versions of Apache Tomcat 9.0.18 and lower, Apache Tomcat 8.5.40 and higher and Apache Tomcat 7.0.94 are not affected by the problem.

Successful exploitation of the vulnerability allows remote code execution on Windows servers that run a vulnerable Apache Tomcat version, and full compromise of the system.

The issue is resolved by the release of Tomcat 9.0.19, 8.5.40 and 7.0.93. All users have been advised to install the fixes as soon as possible. Those who cannot do so are advised to set the «enableCmdLineArguments» parameter to “false”.
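To check an installation against the conditions described above, the following added example (not from the article or from the ASF) audits the text of a Tomcat `web.xml` for CGI servlets and their «enableCmdLineArguments» setting, and tests a version string against the affected ranges listed above. The function names, status labels and sample `web.xml` are constructed for illustration; `org.apache.catalina.servlets.CGIServlet` is Tomcat's CGI servlet class.

```python
import re
import xml.etree.ElementTree as ET

CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"
# Last affected patch level per branch, taken from the ranges in the article.
AFFECTED = {(9, 0): 17, (8, 5): 39, (7, 0): 93}
# Constructed sample: a web.xml with the CGI servlet enabled and the risky option on.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace so any schema version parses

def child_text(elem, name):
    for c in elem:
        if local(c.tag) == name:
            return (c.text or "").strip()
    return None

def audit_web_xml(xml_text):
    """Return (servlet-name, status) for each active (non-commented) CGI servlet."""
    findings = []
    for s in ET.fromstring(xml_text).iter():
        if local(s.tag) != "servlet" or child_text(s, "servlet-class") != CGI_CLASS:
            continue
        value = None
        for p in s:
            if local(p.tag) == "init-param" and child_text(p, "param-name") == "enableCmdLineArguments":
                value = child_text(p, "param-value")
        # UNSET means the version default applies; set the parameter to false explicitly.
        status = "UNSET" if value is None else "EXPOSED" if value.lower() == "true" else "MITIGATED"
        findings.append((child_text(s, "servlet-name"), status))
    return findings

def version_affected(version):
    """True if a version such as '8.5.39' or '9.0.0.M1' falls in the article's ranges."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    last = AFFECTED.get((major, minor))
    return last is not None and patch <= last
```

Run `audit_web_xml` on both the global `conf/web.xml` and each application's `WEB-INF/web.xml`, since the servlet can be declared in either.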

Source: www.mag-securs.com
