{"id":"CVE-2019-12418","details":"When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 to 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.","aliases":["GHSA-hh3j-x4mc-g48r"],"modified":"2026-05-15T12:03:13.582823802Z","published":"2019-12-23T18:15:10.753Z","related":["CGA-ph6q-8g38-cp58","SUSE-SU-2020:0029-1","SUSE-SU-2020:0226-1","SUSE-SU-2020:0632-1","SUSE-SU-2020:14375-1","SUSE-SU-2020:1497-1","SUSE-SU-2020:1498-1","openSUSE-SU-2020:0038-1","openSUSE-SU-2024:11468-1","openSUSE-SU-2024:13441-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux","extracted_events":[{"last_affected":"16.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"]},{"source":"CPE_FIELD","vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"},{"last_affected":"10.0"}]},{"source":"CPE_FIELD","vendor_product":"netapp:oncommand_system_manager","extracted_events":[{"introduced":"3.0.0"},{"last_affected":"3.1.3"}],"cpes":["cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","vendor_product":"opensuse:leap","cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.1"}]},{"source":"CPE_FIELD","vendor_product":"oracle:workload_manager","extracted_events":[{"last_affected":"12.2.0.1"},{"last_affected":"18c"},{"last_affected":"19c"}],"cpes":["cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*
:*:*:*","cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*","cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://support.f5.com/csp/article/K10107360?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Dec/43"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-43"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200107-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4251-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4596"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4680"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3",
"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}