Rewterz Threat Alert – Active IOCs- FormBook Malware
December 17, 2020Rewterz Threat Advisory – CVE-2020-35112 – Mozilla Firefox Download Code Execution
December 17, 2020Rewterz Threat Alert – Active IOCs- FormBook Malware
December 17, 2020Rewterz Threat Advisory – CVE-2020-35112 – Mozilla Firefox Download Code Execution
December 17, 2020Severity
High
Analysis Summary
CVE-2020-13931
Apache TomEE could allow a remote attacker to bypass security restrictions, caused by a misconfiguring issue when configured with the embedded ActiveMQ broker. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to TCP port 1099 without authentication.
Impact
Security Bypass
Affected Vendors
Apache Tomcat
Affected Products
- Apache TomEE 1.0.0
- Apache TomEE 1.7.5
- Apache TomEE 7.0.0-M1
- Apache TomEE 7.1.0
- Apache TomEE 8.0.0-M1
- Apache TomEE 7.0.8
- Apache TomEE 7.1.3
- Apache TomEE 8.0.3
Remediation
Upgrade to the latest version of TomEE (7.0.9, 7.1.4, 8.0.4 or later).