CVE-2019-0221
Published: 28 May 2019
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
Notes
Author | Note |
---|---|
mdeslaur | from upstream advisory: "The printenv command is intended for debugging and is unlikely to be present in a production website." |
Priority
Status
Package | Release | Status |
---|---|---|
tomcat7 (Launchpad, Ubuntu, Debian) | bionic | Needed |
tomcat7 | cosmic | Ignored (end of life) |
tomcat7 | disco | Does not exist |
tomcat7 | eoan | Does not exist |
tomcat7 | focal | Does not exist |
tomcat7 | groovy | Does not exist |
tomcat7 | hirsute | Does not exist |
tomcat7 | impish | Does not exist |
tomcat7 | jammy | Does not exist |
tomcat7 | kinetic | Does not exist |
tomcat7 | lunar | Does not exist |
tomcat7 | mantic | Does not exist |
tomcat7 | trusty | Needed |
tomcat7 | upstream | Needs triage |
tomcat7 | xenial | Needed |

Patches (tomcat7): upstream: https://github.com/apache/tomcat/commit/44ec74c

Package | Release | Status |
---|---|---|
tomcat8 (Launchpad, Ubuntu, Debian) | bionic | Released (8.5.39-1ubuntu1~18.04.3) |
tomcat8 | cosmic | Ignored (end of life) |
tomcat8 | disco | Does not exist |
tomcat8 | eoan | Does not exist |
tomcat8 | focal | Does not exist |
tomcat8 | groovy | Does not exist |
tomcat8 | hirsute | Does not exist |
tomcat8 | impish | Does not exist |
tomcat8 | jammy | Does not exist |
tomcat8 | kinetic | Does not exist |
tomcat8 | lunar | Does not exist |
tomcat8 | mantic | Does not exist |
tomcat8 | trusty | Does not exist |
tomcat8 | upstream | Needs triage |
tomcat8 | xenial | Released (8.0.32-1ubuntu1.10) |

Patches (tomcat8): upstream: https://github.com/apache/tomcat/commit/4fcdf70

Package | Release | Status |
---|---|---|
tomcat9 (Launchpad, Ubuntu, Debian) | bionic | Released (9.0.16-3ubuntu0.18.04.1) |
tomcat9 | cosmic | Ignored (end of life) |
tomcat9 | disco | Released (9.0.16-3ubuntu0.19.04.1) |
tomcat9 | eoan | Not vulnerable (9.0.16-4) |
tomcat9 | focal | Not vulnerable (9.0.16-4) |
tomcat9 | groovy | Not vulnerable (9.0.16-4) |
tomcat9 | hirsute | Not vulnerable (9.0.16-4) |
tomcat9 | impish | Not vulnerable (9.0.16-4) |
tomcat9 | jammy | Not vulnerable (9.0.16-4) |
tomcat9 | kinetic | Not vulnerable (9.0.16-4) |
tomcat9 | lunar | Not vulnerable (9.0.16-4) |
tomcat9 | mantic | Not vulnerable (9.0.16-4) |
tomcat9 | trusty | Does not exist |
tomcat9 | upstream | Needs triage |
tomcat9 | xenial | Does not exist |

Patches (tomcat9): upstream: https://github.com/apache/tomcat/commit/15fcd16

Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |