Impact of CVE-2019-12418 (Apache Tomcat) Vulnerability in DLO

Article ID: 100048611

Updated On:

Description

Reference:

More information on this vulnerability can be found in the National Vulnerability Database at the following link:
https://nvd.nist.gov/vuln/detail/CVE-2019-12418

Resolution

Veritas Desktop and Laptop Option (DLO) is not affected by this vulnerability.

Enabling the JMX Remote Lifecycle Listener requires manually editing the configuration files and assigning the listener a specific port. The listener is not configured or used in Apache Tomcat for DLO.
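To confirm this on a given installation, the check below parses a Tomcat server.xml and reports any configured JMX Remote Lifecycle Listener with its assigned ports, and also flags remote-JMX JVM options. It is an added example, not Veritas or Apache code; the function names are hypothetical and the sample XML is constructed rather than taken from a DLO installation.

```python
import xml.etree.ElementTree as ET

# Class name of Tomcat's JMX Remote Lifecycle Listener as it appears in server.xml.
LISTENER_CLASS = "org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
# JVM system-property prefix that switches on remote JMX in general.
JMX_FLAG = "-Dcom.sun.management.jmxremote"

def find_jmx_listeners(server_xml_text):
    """Return one dict per configured JMX Remote Lifecycle Listener.

    XML comments are dropped by the parser, so a commented-out
    <Listener> element is correctly not reported.
    """
    root = ET.fromstring(server_xml_text)
    hits = []
    for el in root.iter("Listener"):
        if el.get("className", "").strip() == LISTENER_CLASS:
            hits.append({
                "rmiRegistryPortPlatform": el.get("rmiRegistryPortPlatform"),
                "rmiServerPortPlatform": el.get("rmiServerPortPlatform"),
            })
    return hits

def find_jmx_jvm_flags(jvm_options_text):
    """Return the JVM options that enable or tune remote JMX."""
    return [tok for tok in jvm_options_text.split() if tok.startswith(JMX_FLAG)]

# Constructed sample inputs (hypothetical, for illustration only).
DEFAULT_STYLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <!-- <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
       rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/> -->
  <Service name="Catalina"/>
</Server>"""

MANUALLY_ENABLED = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
            rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002"/>
  <Service name="Catalina"/>
</Server>"""

if __name__ == "__main__":
    for label, text in (("default-style", DEFAULT_STYLE),
                        ("manually enabled", MANUALLY_ENABLED)):
        hits = find_jmx_listeners(text)
        print(label, "->", hits if hits else "listener not configured")
    print(find_jmx_jvm_flags("-Xmx512m -Dcom.sun.management.jmxremote.port=9010"))
```

An empty result from both functions on the real server.xml and service JVM options matches the state described above, in which the listener has not been manually enabled.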

 

Issue/Introduction

Veritas Corporation is aware of the issue referred to in CVE-2019-12418, which impacts Apache Tomcat: 'When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.'
