Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apache fixed an important RCE flaw in Tomcat application server

The Apache Software Foundation has released new versions of the Tomcat application server that address an important remote code execution vulnerability. The new versions of the Tomcat application server address an important remote code execution vulnerability that could be exploited by a remote attacker to execute malicious code and take control of a vulnerable server. […]

Apache Tomcat application server

The Apache Software Foundation has released new versions of the Tomcat application server that address an important remote code execution vulnerability.

The new versions of the Tomcat application server address an important remote code execution vulnerability that could be exploited by a remote attacker to execute malicious code and take control of a vulnerable server.

The remote code execution vulnerability, tracked as CVE-2019-0232, resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled. The flaw ties the way the Java Runtime Environment (JRE) passes command line arguments to Windows.

“When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability).” wrote Mark Thomas from Apache Foundation.

Tomcat application server

The vulnerability has been rated as only important because the CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x.

To mitigate the RCE vulnerability, the CGI Servlet enableCmdLineArguments option will now be disabled by default in all versions of Apache Tomcat.

Technical details about the JRE behaviour were provided in a blog post published by Markus Wulftange.

Below the list of the affected versions of the Tomcat application server:

  • Apache Tomcat 9.0.0.M1 to 9.0.17
  • Apache Tomcat 8.5.0 to 8.5.39
  • Apache Tomcat 7.0.0 to 7.0.93

The following Tomcat versions are not affected by the flaw:

  • Apache Tomcat 9.0.18 and later
  • Apache Tomcat 8.5.40 and later
  • Apache Tomcat 7.0.94 and later

The vulnerability was reported to the Apache Tomcat security team by an unnamed security expert on 3rd March 2019 and was publicly disclosed on 10 April 2019 after the release of the new updated versions (Tomcat version 9.0.19, version 8.5.40 and version 7.0.93).

If you are using a Tomcat application server don’t forget to install the software updates as soon as possible. In case for some reason you cannot apply the patches immediately, you should check that default enableCmdLineArguments value is disabled.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tomcat application server)

[adrotate banner=”5″]

[adrotate banner=”13″]