Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
446
VMScore

CVE-2019-10072

Published: 21/06/2019 Updated: 08/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Apache

Vulnerability Summary

It exists that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat

apache tomcat 9.0.0

Vendor Advisories

Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release
Synopsis Moderate: Red Hat JBoss Web Server 52 security release Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Web Server 520 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is availableRed Hat Product Security has rated this update as having a security impactof Moderate A C ...
Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release
Synopsis Moderate: Red Hat JBoss Web Server 52 security release Type/Severity Security Advisory: Moderate Topic Updated Red Hat JBoss Web Server 520 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8Red Hat Product Security has rated thi ...
Debian CVElist Bug Report Logs: tomcat9: CVE-2019-10072
Debian Bug report logs - #931131 tomcat9: CVE-2019-10072 Package: src:tomcat9; Maintainer for src:tomcat9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 26 Jun 2019 18:45:01 UTC Severity: important Tags: security, upstream F ...
Debian Security Advisories: DSA-4680-1 tomcat9 -- security update
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface For the stable distribution (buster), these problems have been fixed in version 9031-1~deb10u1 The ...
Ubuntu Security Notice: tomcat8 vulnerabilities
Several security issues were fixed in Tomcat 8 ...
Ubuntu Security Notice: tomcat9 vulnerabilities
Several security issues were fixed in Tomcat 9 ...
Red Hat: CVE-2019-10072
Impact: Moderate Public Date: 2019-06-21 CWE: CWE-400 Bugzilla: 1723708: CVE-2019-10072 tomcat: HTTP/2 ...

Recent Articles

Yo, sysadmins! Thought Patch Tuesday was big? Oracle says 'hold my Java' with huge 334 security flaw fix bundle
The Register • Shaun Nichols in San Francisco • 15 Jan 2020

House of Larry delivers massive update for 93 products Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

Oracle has released a sweeping set of security patches across the breadth of its software line. The January update, delivered one day after Microsoft, Intel, Adobe, and others dropped their scheduled monthly patches, addresses a total of 334 security vulnerabilities across 93 different products from the enterprise giant. As you may imagine, most IT admins will only need to test and apply a handful of the updates for their specific platforms. For Oracle's flagship Database Server, the update incl...

Read more...

References

CWE-667https://www.synology.com/security/advisory/Synology_SA_19_29http://www.securityfocus.com/bid/108874https://security.netapp.com/advisory/ntap-20190625-0002/https://support.f5.com/csp/article/K17321505https://usn.ubuntu.com/4128-1/https://usn.ubuntu.com/4128-2/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://access.redhat.com/errata/RHSA-2019:3931https://access.redhat.com/errata/RHSA-2019:3929http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.debian.org/security/2020/dsa-4680https://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a%40%3Cannounce.tomcat.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2019:3931https://nvd.nist.govhttps://usn.ubuntu.com/4128-1/https://www.debian.org/security/2020/dsa-4680
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook