Количество 13
Количество 13
BDU:2020-01972
Уязвимость компонента работы с JMX сервера приложений Apache Tomcat, связанная с недостатком механизма защиты регистрационных данных, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...
GHSA-hh3j-x4mc-g48r
Insufficiently Protected Credentials in Apache Tomcat
openSUSE-SU-2020:0038-1
Security update for tomcat
SUSE-SU-2020:14375-1
Security update for tomcat6
SUSE-SU-2020:0226-1
Security update for tomcat
SUSE-SU-2020:0029-1
Security update for tomcat
SUSE-SU-2020:1498-1
Security update for tomcat
SUSE-SU-2020:1497-1
Security update for tomcat
SUSE-SU-2020:0632-1
Security update for tomcat
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2020-01972 Уязвимость компонента работы с JMX сервера приложений Apache Tomcat, связанная с недостатком механизма защиты регистрационных данных, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных | CVSS3: 7 | 1% Низкий | почти 6 лет назад |
 | CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | CVSS3: 7 | 1% Низкий | больше 5 лет назад |
 | CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | CVSS3: 7.4 | 1% Низкий | больше 5 лет назад |
 | CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | CVSS3: 7 | 1% Низкий | больше 5 лет назад |
| CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ... | CVSS3: 7 | 1% Низкий | больше 5 лет назад |
| GHSA-hh3j-x4mc-g48r Insufficiently Protected Credentials in Apache Tomcat | CVSS3: 7 | 1% Низкий | больше 5 лет назад |
 | openSUSE-SU-2020:0038-1 Security update for tomcat | больше 5 лет назад | ||
| SUSE-SU-2020:14375-1 Security update for tomcat6 | около 5 лет назад | ||
| SUSE-SU-2020:0226-1 Security update for tomcat | больше 5 лет назад | ||
| SUSE-SU-2020:0029-1 Security update for tomcat | больше 5 лет назад | ||
| SUSE-SU-2020:1498-1 Security update for tomcat | около 5 лет назад | ||
| SUSE-SU-2020:1497-1 Security update for tomcat | около 5 лет назад | ||
| SUSE-SU-2020:0632-1 Security update for tomcat | больше 5 лет назад |
Уязвимостей на страницу