CVE-2019-0221

Updated: 2024-11-23 01:34:03.965302

Description:

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | MEDIUM | 4.3 |
| 3.x | MEDIUM | 6.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 ELS | tomcat7 | 7.0.68-1 | 6.1 | MEDIUM | Released | CLSA-2022:1670606563 | 2022-12-09 13:02:58 | |
| Ubuntu 16.04 ELS | tomcat8 | 8.0.32-1 | 6.1 | MEDIUM | Already Fixed | | 2024-07-30 17:23:47 | |
| Ubuntu 18.04 ELS | tomcat8 | 8.5.39-1 | 6.1 | MEDIUM | Already Fixed | | 2024-07-30 17:23:47 | |
| Ubuntu 18.04 ELS | tomcat9 | 9.0.16-3 | 6.1 | MEDIUM | Already Fixed | | 2024-07-30 17:23:47 | |