> Apache Tomcat 安全漏洞

Apache Tomcat 安全漏洞

CNNVD-ID编号	CNNVD-201912-924	CVE编号	CVE-2019-12418
发布时间	2019-12-19	更新时间	2020-09-24
漏洞类型	其他	漏洞来源	Ubuntu,Debian,Red Hat,Gentoo
危险等级	高危	威胁类型	本地
厂商	N/A

漏洞介绍

Apache Tomcat是美国阿帕奇（Apache）软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page（JSP）的支持。

Apache Tomcat 9.0.0.M1版本至9.0.28版本、8.5.0版本至8.5.47版本和7.0.0版本至7.0.97版本中存在安全漏洞。攻击者可通过实施中间人攻击利用该漏洞获取用户名和密码，访问JMX界面，控制Tomcat实例。

漏洞补丁

目前厂商已发布升级了Apache Tomcat 安全漏洞的补丁，Apache Tomcat 安全漏洞的补丁获取链接：

http://tomcat.apache.org/security-8.html

参考网址

来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Dec/43

来源:CONFIRM

链接：https://security.netapp.com/advisory/ntap-20200107-0001/

来源:CONFIRM

链接：https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E

来源:CONFIRM

链接：https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS

来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html

来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4596

来源:tomcat.apache.org

链接：http://tomcat.apache.org/security-7.html

来源:tomcat.apache.org

链接：http://tomcat.apache.org/security-8.html

来源:tomcat.apache.org

链接：http://tomcat.apache.org/security-9.html

来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200029-1.html

来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200226-1.html

来源:www.debian.org

链接：https://www.debian.org/security/2019/dsa-4596

来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Apache-Tomcat-privilege-escalation-via-JMX-Remote-Lifecycle-Listener-31187

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156827/Gentoo-Linux-Security-Advisory-202003-43.html

来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-taddmcve-2019-12418-cve-2019-17563-2/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4714/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156094/Ubuntu-Security-Notice-USN-4251-1.html

来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-cast-iron-solution-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-2/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2089/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2110/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155792/Debian-Security-Advisory-4596-1.html

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0063/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0867/

来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-taddmcve-2019-12418-cve-2019-17563/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0963/

来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affected-by-multiple-apache-tomcat-core-only-vulnerabilities/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0014/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0298/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157312/Red-Hat-Security-Advisory-2020-1520-01.html

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3250/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1050/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1608/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156781/Red-Hat-Security-Advisory-2020-0861-01.html

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201912-924