
SUSE: 2020:1498-1 Important: Tomcat Remote Code Execution and XSS

May 28, 2020
SUSE Security Patch: Critical tomcat Revision Addressing Remote Code Execution Vulnerabilities and Additional Concerns
An update that fixes 5 vulnerabilities is now available

Summary

This update for tomcat fixes the following issues:

CVE-2020-9484 (bsc#1171928): Apache Tomcat Remote Code Execution via session persistence. If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control.

CVE-2019-12418 (bsc#1159723): Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack. When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.

The
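The two conditions the summary describes are both visible in Tomcat's XML configuration: a PersistentManager (file-backed session persistence, CVE-2020-9484) and the JMX Remote Lifecycle Listener (CVE-2019-12418). The following configuration check is an added example, not part of the SUSE advisory or of Tomcat itself; it assumes the standard Tomcat class names for those two components and runs on a constructed sample server.xml.

```python
import xml.etree.ElementTree as ET

# Fully qualified class names for the two components the advisory names.
# These come from Tomcat's configuration reference, not from the advisory
# text, so treat them as an assumption to verify against your Tomcat docs.
PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
JMX_REMOTE_LISTENER = "org.apache.catalina.mbeans.JmxRemoteLifecycleListener"


def exposure_findings(xml_text):
    """Scan the text of a Tomcat server.xml or context.xml and return
    (cve_id, detail) tuples for each exposure condition the advisory
    describes: file-backed session persistence (CVE-2020-9484) and the
    JMX Remote Lifecycle Listener (CVE-2019-12418)."""
    findings = []
    root = ET.fromstring(xml_text)
    for manager in root.iter("Manager"):
        if manager.get("className") == PERSISTENT_MANAGER:
            store = manager.find("Store")
            store_cls = store.get("className") if store is not None else "(no Store)"
            findings.append(("CVE-2020-9484",
                             "PersistentManager configured, Store=" + store_cls))
    for listener in root.iter("Listener"):
        if listener.get("className") == JMX_REMOTE_LISTENER:
            findings.append(("CVE-2019-12418",
                             "JmxRemoteLifecycleListener enabled"))
    return findings


# Constructed sample configuration showing both conditions at once; it is
# not taken from any real system.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
            rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/app" docBase="app">
          <Manager className="org.apache.catalina.session.PersistentManager">
            <Store className="org.apache.catalina.session.FileStore"
                   directory="sessions"/>
          </Manager>
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    for cve, detail in exposure_findings(SAMPLE_SERVER_XML):
        print(cve, "-", detail)
```

A hit from this check means the unpatched configuration is exposed to the condition described; applying the update from this advisory is the fix, and the check only helps prioritise which hosts to patch first.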

References

#1136085 #1159723 #1159729 #1164825 #1171928

Cross-References: CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-9484

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-0221.html

https://www.suse.com/security/cve/CVE-2019-12418.html

https://www.suse.com/security/cve/CVE-2019-17563.html

https://www.suse.com/security/cve/CVE-2019-17569.html


Severity: important

Announcement ID: SUSE-SU-2020:1498-1
Rating: important
