KLA11472
ACE vulnerability in Apache Tomcat
Updated: 01/24/2020
Detect date
?
04/13/2019
Severity
?
Critical
Description

Multiple vulnerabilities was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code and perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A vulnerability in CGI Servlet component can be exploited via due to a bug in the way the JRE passes command line arguments to execute arbitrary code;
  2. A vulnerability in SSI printenv command can be exploited to perform cross-site scripting attack.

 

Affected products

Apache Tomcat 8.5.x earlier than 8.5.40
Apache Tomcat 7.x earlier than 7.0.94
Apache Tomcat 9.x earlier than 9.0.19

Solution

Update to the latest version
Download Tomcat 8
Download Tomcat 9

Original advisories

Apache Tomcat 8.x Security Vulnerabilities
Apache Tomcat 7.x Security Vulnerabilities
Apache Tomcat 9.x Security Vulnerabilities

Impacts
?
ACE 
[?]

XSS/CSS 
[?]
Related products
Apache Tomcat
CVE-IDS
?
CVE-2019-02329.3Critical
CVE-2019-02216.1High