Package        : tomcat8
Version        : 8.0.14-1+deb8u16
CVE ID         : CVE-2019-12418

When tomcat8 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.

For Debian 8 "Jessie", this problem has been fixed in version 8.0.14-1+deb8u16.

We recommend that you upgrade your tomcat8 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
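
One way to check whether a host meets the precondition described above (an added example, not part of the Debian advisory): the Python below parses a Tomcat server.xml and reports every active JMX Remote Lifecycle Listener with its RMI ports. The listener class name and the two port attributes are Tomcat's own; the sample configuration is constructed, and the path of the real server.xml is an assumption left to the caller.

```python
import sys
import xml.etree.ElementTree as ET

# Class name of the listener named in the advisory.
JMX_LISTENER = "org.apache.catalina.mbeans.JmxRemoteLifecycleListener"

# Constructed sample: one commented-out listener and one active listener.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <!-- <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
       rmiRegistryPortPlatform="9998" rmiServerPortPlatform="9999" /> -->
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
            rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />
  <Service name="Catalina" />
</Server>
"""


def find_jmx_remote_listeners(server_xml):
    """Return one dict per active JmxRemoteLifecycleListener element.

    Accepts str or bytes. The XML parser discards comments, so a
    commented-out listener is not reported as active.
    """
    root = ET.fromstring(server_xml)
    found = []
    for elem in root.iter("Listener"):
        if elem.get("className", "").strip() == JMX_LISTENER:
            found.append({
                "registry_port": elem.get("rmiRegistryPortPlatform"),
                "server_port": elem.get("rmiServerPortPlatform"),
            })
    return found


if __name__ == "__main__":
    # Usage: script.py /path/to/server.xml (no argument checks the sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SERVER_XML
    hits = find_jmx_remote_listeners(data)
    for hit in hits:
        print("JMX Remote Lifecycle Listener enabled: registry port %s, "
              "server port %s" % (hit["registry_port"], hit["server_port"]))
    if not hits:
        print("JMX Remote Lifecycle Listener not configured")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means the listener is enabled, so the host should be on the fixed tomcat8 package version given above.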
