CVE-2019-0221

medium

Description

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

References

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

http://seclists.org/fulldisclosure/2019/May/50

https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html

http://www.securityfocus.com/bid/108545

https://security.netapp.com/advisory/ntap-20190606-0001/

https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html

https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html

https://usn.ubuntu.com/4128-1/

https://usn.ubuntu.com/4128-2/

https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS

https://access.redhat.com/errata/RHSA-2019:3931

https://access.redhat.com/errata/RHSA-2019:3929

https://www.debian.org/security/2019/dsa-4596

https://seclists.org/bugtraq/2019/Dec/43

https://www.oracle.com/security-alerts/cpujan2020.html

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/202003-43

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuApr2021.html

http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html

Details

Source: MITRE

Published: 2019-05-28

Updated: 2021-07-13

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM