
Apache Tomcat Patches Important Remote Code Execution Flaw

April 15, 2019

Credit: The Hacker News

The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.

Developed by ASF, Apache Tomcat is an open source web server and servlet container that implements several Java EE specifications, such as Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, to provide a “pure Java” HTTP web server environment for Java code to run in.

The remote code execution vulnerability (CVE-2019-0232) resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled and occurs due to a bug in the way the Java Runtime Environment (JRE) passes command line arguments to Windows.

Since the CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x, the remote code execution vulnerability has been rated as important and not critical.

In response to this vulnerability, the CGI Servlet enableCmdLineArguments option will now be disabled by default in all versions of Apache Tomcat.

Affected Tomcat Versions

  • Apache Tomcat 9.0.0.M1 to 9.0.17
  • Apache Tomcat 8.5.0 to 8.5.39
  • Apache Tomcat 7.0.0 to 7.0.93

Unaffected Tomcat Versions

  • Apache Tomcat 9.0.18 and later
  • Apache Tomcat 8.5.40 and later
  • Apache Tomcat 7.0.94 and later

Successful exploitation of this vulnerability could allow a remote attacker to execute an arbitrary command on a targeted Windows server running an affected version of Apache Tomcat, resulting in a full compromise.

The vulnerability was reported to the Apache Tomcat security team by a security researcher (not named by the Apache Software Foundation) on 3 March 2019 and was made public on 10 April 2019 after the ASF released the updated versions.

This vulnerability has been addressed with the release of Tomcat version 9.0.19 (the issue was fixed in Apache Tomcat 9.0.18, but the release vote for 9.0.18 did not pass), version 8.5.40 and version 7.0.94.

Administrators are strongly recommended to apply the software updates as soon as possible. If you are unable to apply the patches immediately, ensure that the CGI Servlet initialisation parameter enableCmdLineArguments is set to false.


Credit: The Hacker News By: noreply@blogger.com (Wang Wei)
