CVE-2019-0199

Published: 10/04/2019 Updated: 08/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that the Tomcat 8 SSI printenv command echoed user-provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

Vulnerability Trend

Vulnerable Products

apache tomcat

apache tomcat 9.0.0

Vendor Advisories

Debian Bug report logs - #931131 tomcat9: CVE-2019-10072. Package: src:tomcat9; Maintainer for src:tomcat9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 Jun 2019 18:45:01 UTC; Severity: important; Tags: security, upstream F ...
Synopsis: Important: Red Hat support for Spring Boot 2.1.12 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vuln ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.2 security release. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A C ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.2 security release. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects. For the oldstable distribution (stretch), these problems have been fixed in version 8.5.50-0+deb9u1. This update also req ...
Several security issues were fixed in Tomcat 8 ...
Several security issues were fixed in Tomcat 9 ...
The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block, eventually lea ...
When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice (CVE-2018-11784). When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Ap ...

Github Repositories

Zasca: Yasca (Yet Another SCA) tool, or just Yasca/Zasca (initially created as Yasca, but since there is another tool with the same name, it was renamed to Zasca), is an open-source SCA tool written in Python. It relies on GitHub advisories to detect vulnerabilities in libraries. In this first release, it only works with Java projects built with Maven, but there are plan

Yet Another SCA tool

References

CWE-400
https://security.netapp.com/advisory/ntap-20190419-0001/
https://support.f5.com/csp/article/K17321505
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html
http://www.securityfocus.com/bid/107674
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://www.debian.org/security/2019/dsa-4596
https://seclists.org/bugtraq/2019/Dec/43
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuapr2020.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00013.html
https://lists.apache.org/thread.html/e1b0b273b6e8ddcc72c9023bc2394b1276fc72664144bf21d0a87995%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e56886e1bac9319ecce81b3612dd7a1a43174a3a741a1c805e16880e%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/9fe25f98bac6d66f8a663a15c37a98bc2d8f8bbed1d408791a3e4067%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/4c438fa4c78cb1ce8979077f668ab7145baf83e7c59f2faf7eccf094%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/cf4eb2bd2083cebb3602a293c653f9a7faa96c86f672c876f25b37ef%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/158ab719cf60448ddbb074798f09152fdb572fc8f781e70a56118d1a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e87733036e8c84ea648cdcdca3098f3c8a897e2652c33062b2b1535c%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/a7a201bd23e67fd3326c9b22b814dd0537d3270b3b54a768e2e7ef50%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/dddb3590bac28fbe89f69f5ccbe26283d014ddc691abdd042de14600%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/7bb193bc68b28d21ff1c726fd38bea164deb6333b59eec2eb3661da6%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ac0185ce240a711b542a55bccf9349ab0c2f343d70cf7835e08fabc9%40%3Cannounce.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931131
https://nvd.nist.gov
https://usn.ubuntu.com/4128-1/
https://www.debian.org/security/2019/dsa-4596