CVE-2019-0221

Impact:
Low
Public Date:
2019-04-13
CWE:
CWE-79
Bugzilla:
1713275: CVE-2019-0221 tomcat: XSS in SSI printenv

The MITRE CVE dictionary describes this issue as:

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Find out more about CVE-2019-0221 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Affected Packages State

Platform Package State
Red Hat JBoss Web Server 5 tomcat Affected
Red Hat JBoss Operations Network 3 jbossweb Out of support scope
Red Hat JBoss Fuse 7 tomcat Affected
Red Hat JBoss Fuse 6 tomcat Out of support scope
Red Hat JBoss EAP 6 jbossweb Out of support scope
Red Hat JBoss EAP 5 jbossweb Out of support scope
Red Hat JBoss Data Virtualization 6 jbossweb Out of support scope
Red Hat JBoss Data Grid 7 tomcat Not affected
Red Hat JBoss Data Grid 6 jbossweb Out of support scope
Red Hat JBoss BRMS 6 tomcat Out of support scope
Red Hat JBoss BRMS 5 jbossweb Out of support scope
Red Hat JBoss BPMS 6 tomcat Out of support scope
Red Hat Enterprise Linux 8 pki-deps:10.6/pki-servlet-container Affected
Red Hat Enterprise Linux 7 tomcat Affected
Red Hat Enterprise Linux 6 tomcat6 Out of support scope
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.

Mitigation

SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging and should not be enabled on a production website.
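A way to verify that mitigation on a deployment, added here as an example and not part of the Red Hat advisory or the Tomcat project: the check parses a Tomcat conf/web.xml to see whether an SSI servlet or filter declaration is live (Tomcat ships it commented out) and counts printenv directives in .shtml content. The web.xml fragment and the .shtml page below are constructed samples; the servlet class names are those Tomcat uses.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on Tomcat's conf/web.xml, with the SSI servlet
# uncommented (the shipped default keeps this block inside an XML comment).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>org.apache.catalina.ssi.SSIServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ssi</servlet-name>
    <url-pattern>*.shtml</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Constructed .shtml page that uses the debugging directive named in the CVE.
SAMPLE_SHTML = '<html><body><!--#printenv --><!--#echo var="DATE_LOCAL" --></body></html>'

SSI_CLASSES = {"org.apache.catalina.ssi.SSIServlet", "org.apache.catalina.ssi.SSIFilter"}
PRINTENV_RE = re.compile(r"<!--#\s*printenv\b", re.IGNORECASE)


def ssi_enabled(web_xml_text):
    """True if an SSI servlet or filter is declared live in web.xml.
    ElementTree drops XML comments, so a commented-out block is not seen."""
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the Java EE namespace prefix
        if tag in ("servlet-class", "filter-class") and (elem.text or "").strip() in SSI_CLASSES:
            return True
    return False


def printenv_directives(shtml_text):
    """Count SSI printenv directives in one page body."""
    return len(PRINTENV_RE.findall(shtml_text))


def assess(web_xml_text, pages):
    """Both conditions must hold for CVE-2019-0221 to be reachable:
    SSI live in web.xml and at least one page using printenv.
    pages maps a file name to its text."""
    enabled = ssi_enabled(web_xml_text)
    hits = {name: printenv_directives(body) for name, body in pages.items()}
    hits = {name: n for name, n in hits.items() if n}
    return {"ssi_enabled": enabled, "printenv_pages": hits, "exposed": enabled and bool(hits)}


if __name__ == "__main__":
    print(assess(SAMPLE_WEB_XML, {"index.shtml": SAMPLE_SHTML}))
```

On a real host, feed it the contents of conf/web.xml (and any per-application WEB-INF/web.xml) plus every .shtml file served; an "exposed" result means either disabling SSI or removing the printenv directive closes the issue.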

CVE description copyright © 2017, The MITRE Corporation