CVE-2019-12418 vulnerability in Apache and Other Products
Published on December 23, 2019

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-12418

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12418 are published in these products:

Apache Tomcat

Debian Linux

Oracle Workload Manager

Canonical Ubuntu Linux

OpenSuse Leap

NetApp Oncommand System Manager

Affected Versions

Apache Software Foundation Apache Tomcat:

Version 9.0.0.M1 to 9.0.28 is affected.
Version 8.5.0 to 8.5.47 is affected.
Version 7.0.0 to 7.0.97 is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-12418 vulnerability in Apache and Other ProductsPublished on December 23, 2019

Products Associated with CVE-2019-12418

Affected Versions

Exploit Probability

CVE-2019-12418 vulnerability in Apache and Other Products
Published on December 23, 2019