PT-2019-11567 · Jetbrains+4 · Intellij Idea Ultimate+4
Jonathan Leitschuh
Published: 2019-07-03
Updated: 2020-08-24
CVE-2019-10104
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.3.4
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.2.8
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.1.8
JetBrains IntelliJ IDEA Ultimate versions prior to 2017.3.7
Description:
The issue allows a remote attacker to execute code when an Application Server run configuration is running, because a JMX server listened on all interfaces instead of localhost only. This affects configurations for Tomcat, Jetty, Resin, or CloudBees.
Recommendations:
For versions prior to 2018.3.4, update to version 2018.3.4 or later.
For versions prior to 2018.2.8, update to version 2018.2.8 or later.
For versions prior to 2018.1.8, update to version 2018.1.8 or later.
For versions prior to 2017.3.7, update to version 2017.3.7 or later.
Fix
Related identifiers
Affected products
Cloudbees
Intellij Idea Ultimate
Jetty
Resin
Apache Tomcat