CVSSv2: 4.3

CVE-2019-0221

Published: 28/05/2019 Updated: 08/12/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

It was discovered that the Tomcat 8 SSI printenv command echoed user-provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

Vulnerable Products

apache tomcat

apache tomcat 9.0.0

Vendor Advisories

Debian Bug report logs - #929895 tomcat9: CVE-2019-0221. Package: src:tomcat9; Maintainer for src:tomcat9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 2 Jun 2019 19:24:01 UTC; Severity: normal; Tags: security, upstream; Found ...
Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Commo ...
Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.2 security release. Type/Severity: Security Advisory: Moderate. Topic: Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A C ...
Synopsis: Moderate: Red Hat JBoss Web Server 5.2 security release. Type/Severity: Security Advisory: Moderate. Topic: Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated thi ...
Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross-site scripting, denial of service via resource exhaustion and insecure redirects. For the oldstable distribution (stretch), these problems have been fixed in version 8.5.50-0+deb9u1. This update also req ...
Several security issues were fixed in Tomcat 8 ...
Several security issues were fixed in Tomcat 9 ...
The HTTP/2 implementation in Apache Tomcat accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block, eventually lea ...
The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221) ...
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. (CVE-2019-0221) ...

Exploits

These are details on a cross site scripting vulnerability in Apache Tomcat version 9.0.0.M1 that was discovered in 2019 ...

Mailing Lists

Full Disclosure mailing list archives: XSS in SSI printenv command – Apache Tomcat – CVE-2019-0221 ...

Github Repositories

Pentesting Apache Tomcat 101

Pentest-Tomcat Enumeration. Version: $ curl -s tomcat-site.local:8080/docs/ | grep Tomcat <html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="/images/docs-stylesheet.css" rel="stylesheet" type="text/css"> ...

Apache Tomcat exploit and Pentesting guide for penetration tester

Apache Tomcat. Apache Tomcat exploit and Pentesting guide for penetration tester. Default credentials: The most interesting path of Tomcat is /manager/html; inside that path you can upload and deploy war files (execute code). But this path is protected by basic HTTP auth; the most common credentials are: admin:admin tomcat:tomcat admin:<NOTHING> admin:s3cr3t tomcat:s

Hacking Apache tomcat


References

CWE-79
http://seclists.org/fulldisclosure/2019/May/50
https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html
http://www.securityfocus.com/bid/108545
https://security.netapp.com/advisory/ntap-20190606-0001/
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
https://usn.ubuntu.com/4128-1/
https://usn.ubuntu.com/4128-2/
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3929
https://www.debian.org/security/2019/dsa-4596
https://seclists.org/bugtraq/2019/Dec/43
https://www.oracle.com/security-alerts/cpujan2020.html
https://security.gentoo.org/glsa/202003-43
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuApr2021.html
http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E
https://support.f5.com/csp/article/K13184144?utm_source=f5support&%3Butm_medium=RSS
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929895
https://nvd.nist.gov