PT-2019-11567 · JetBrains+4 · IntelliJ IDEA Ultimate+4
Jonathan Leitschuh · Published 2019-07-03 · Updated 2020-08-24 · CVE-2019-10104
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.3.4
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.2.8
JetBrains IntelliJ IDEA Ultimate versions prior to 2018.1.8
JetBrains IntelliJ IDEA Ultimate versions prior to 2017.3.7
Description:
The issue allows a remote attacker to execute code when an Application Server run configuration is running, because a JMX server listened on all interfaces instead of localhost only. This affects configurations for Tomcat, Jetty, Resin, or CloudBees.
Recommendations:
For versions prior to 2018.3.4, update to version 2018.3.4 or later.
For versions prior to 2018.2.8, update to version 2018.2.8 or later.
For versions prior to 2018.1.8, update to version 2018.1.8 or later.
For versions prior to 2017.3.7, update to version 2017.3.7 or later.
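The description's root cause (a Java-hosted listener bound to all interfaces rather than localhost) can be checked on a workstation by reviewing listening sockets. The following is an added example, not part of the original advisory or JetBrains code: it parses `ss -H -ltnp` output and reports every `java` listener that is not loopback-only. The sample output, PIDs and ports are constructed, and because the page does not state which port the JMX server uses, all non-loopback Java listeners are reported for review.

```python
import re

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
# Run ss as root, otherwise the process column is missing for other users.
SAMPLE_SS = """\
LISTEN 0 50 0.0.0.0:1099 0.0.0.0:* users:(("java",pid=4211,fd=23))
LISTEN 0 50 127.0.0.1:8005 0.0.0.0:* users:(("java",pid=4211,fd=61))
LISTEN 0 100 *:8080 *:* users:(("java",pid=4211,fd=55))
LISTEN 0 50 [::ffff:127.0.0.1]:63342 *:* users:(("java",pid=3990,fd=40))
LISTEN 0 50 [::]:37145 [::]:* users:(("java",pid=4211,fd=24))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 50 192.168.1.20:9010 0.0.0.0:* users:(("java",pid=5002,fd=19))
"""

# First process entry in the ss "users:" column: (("name",pid=N,...
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback addresses."""
    host = host.strip("[]").lower()
    if host.startswith("::ffff:"):
        host = host[7:]
    return host == "::1" or host.startswith("127.")

def exposed_listeners(ss_output, process="java"):
    """Return (pid, bind_address, port) for listeners not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        m = PROC_RE.search(line)
        if not m or m.group(1) != process:
            continue
        # Local address is the 4th column; split on the last ':' so that
        # bracketed IPv6 addresses keep their own colons.
        host, _, port = fields[3].rpartition(":")
        if not is_loopback(host):
            findings.append((int(m.group(2)), host, int(port)))
    return findings

if __name__ == "__main__":
    for pid, host, port in exposed_listeners(SAMPLE_SS):
        print(f"pid {pid}: java listening on {host}:{port} (not loopback-only)")
```

Application HTTP ports that are meant to be reachable will also appear in the report; the entries to investigate are management listeners such as JMX/RMI that have no reason to accept remote connections.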
Affected Products
CloudBees
IntelliJ IDEA Ultimate
Jetty
Resin
Apache Tomcat