News

ASF launched new versions of Apache Tomcat web-server to close hazardous vulnerability

Apache Software Foundation (ASF) issued new version of Apache Tomcat web-server for elimination of dangerous vulnerability that enables remote code performance and interception of control over server.

Vulnerability CVE-2019-0232 contains in Common Gateway Interface (CGI) Servlet and manifests on Windows with turned parameter «enableCmdLineArguments». Issue linked with mechanism of Java Runtime Environment (JRE) transition arguments of command line. As in versions Tomcat 9.0 and higher CGI Servlet and «enableCmdLineArguments» option switched off by default, bug is not classified as critical.

Vulnerability involves versions of Apache Tomcat from 9.0.0.M.I.till 9.0.17, Apache Tomcat 8.5.0 till 8.5.39 and Apache Tomcat 7.0.0 till 7.0.93. Versions of Apache Tomcat 9.0.18 and lower, Apache Tomcat 8.5.40 and higher and Apache Tomcat 7.0.94 are not sensitive to a problem.

Successful exploitation of vulnerability allows remotely perform code on Windows-servers that use vulnerable Apache Tomcat version and fully compromise the system.

Issues resolved by launching Tomcat 9.0.19, 8.5.40 and 7.0.93 versions. All users received recommendations to fix issues as soon as possible. If this they do not have this opportunity, recommended to put meaning “false” for «enableCmdLineArguments» parameter.

Source: www.mag-securs.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Re-captha-version-4-21.buzz Pop-up Ads

About Re-captha-version-4-21.buzz Re-captha-version-4-21.buzz pop-ups can not launch out of the blue. If you have actually…

9 hours ago

Remove Eliteadblocker.net Pop-up Ads

About Eliteadblocker.net Eliteadblocker.net pop-ups can not expose out of the blue. If you have clicked…

14 hours ago

Remove News-xzexivu.info Pop-up Ads

About News-xzexivu.info News-xzexivu.info pop-ups can not introduce out of the blue. If you have actually…

15 hours ago

Remove Linkbtrads.top Pop-up Ads

About Linkbtrads.top Linkbtrads.top pop-ups can not expose out of nowhere. If you have actually clicked…

15 hours ago

Remove News-xzekevu.xyz Pop-up Ads

About News-xzekevu.xyz News-xzekevu.xyz pop-ups can not introduce out of the blue. If you have actually…

15 hours ago

Remove News-xzurufo.xyz Pop-up Ads

About News-xzurufo.xyz News-xzurufo.xyz pop-ups can not introduce out of the blue. If you have clicked…

15 hours ago