Home Tech Important security updates for Apache Tomcat web server

Important security updates for Apache Tomcat web server

The open source web server Apache Tomcat can be attacked in various versions under Windows. If attackers exploited the vulnerability (CVE-2019-0232), they could run malicious code under some circumstances. Attacks are remotely but are not easily possible, the developers describe in a security warning. The security updates have classified them as "important."

Affected are the issues Apache Tomcat 7.0.0 to 7.0.93, 8.5.0 to 8.5.39 and 9.0.0M1 to 9.0.17. Admins should use the safe versions 7.0.93. 08/05/40 and 9.0.18 to install.

Attacks only work if the function enableCmdLineArguments is enabled – by default this is not the case. An error in passing commands to Windows through Java Runtime Environment could cause malicious code to execute. In a blog post, security researcher Markus Wulftange describes in detail how an attack works.




Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Must Read