Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn’t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
[
{
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "before 6.0.48"
},
{
"status": "affected",
"version": "7.x before 7.0.73"
},
{
"status": "affected",
"version": "8.x before 8.0.39"
},
{
"status": "affected",
"version": "8.5.x before 8.5.7"
},
{
"status": "affected",
"version": "9.x before 9.0.0.M12"
}
]
}
]
rhn.redhat.com/errata/RHSA-2017-0457.html
seclists.org/oss-sec/2016/q4/502
svn.apache.org/viewvc?view=revision&revision=1767644
svn.apache.org/viewvc?view=revision&revision=1767656
svn.apache.org/viewvc?view=revision&revision=1767676
svn.apache.org/viewvc?view=revision&revision=1767684
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.debian.org/security/2016/dsa-3738
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.securityfocus.com/bid/94463
www.securitytracker.com/id/1037331
access.redhat.com/errata/RHSA-2017:0455
access.redhat.com/errata/RHSA-2017:0456
lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
security.netapp.com/advisory/ntap-20180607-0001/
usn.ubuntu.com/4557-1/
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html