Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11472
ACE vulnerability in Apache Tomcat

Updated: 06/03/2020
Detect date
?
 04/13/2019
Severity
?
 Critical
Description

Multiple vulnerabilities was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code and perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A vulnerability in CGI Servlet component can be exploited via due to a bug in the way the JRE passes command line arguments to execute arbitrary code;
  2. A vulnerability in SSI printenv command can be exploited to perform cross-site scripting attack.

 
Affected products

Apache Tomcat 8.5.x earlier than 8.5.40
Apache Tomcat 7.x earlier than 7.0.94
Apache Tomcat 9.x earlier than 9.0.19
Solution

Update to the latest version
Download Tomcat 8
Download Tomcat 9
Original advisories

Apache Tomcat 8.x Security Vulnerabilities
Apache Tomcat 7.x Security Vulnerabilities
Apache Tomcat 9.x Security Vulnerabilities
Impacts
?
ACE 
[?]

XSS/CSS 
[?]
Related products
 Apache Tomcat
CVE-IDS
?
CVE-2019-02329.3Critical
CVE-2019-02214.3Warning
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up