KLA11472
ACE vulnerability in Apache Tomcat
Updated: 08/10/2019
Date of detection
13/04/2019
Threat level
Critical
Description

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to execute arbitrary code and perform cross-site scripting attacks.

Below is a complete list of vulnerabilities:

  1. A vulnerability in the CGI Servlet component, caused by a bug in the way the JRE passes command line arguments, can be exploited to execute arbitrary code;
  2. A vulnerability in the SSI printenv command can be exploited to perform a cross-site scripting attack.

Affected products

Apache Tomcat 8.5.x earlier than 8.5.40
Apache Tomcat 7.x earlier than 7.0.94
Apache Tomcat 9.x earlier than 9.0.19

Solution

Update to the latest version
Download Tomcat 8
Download Tomcat 9

Original advisories
Apache Tomcat 8.x Security Vulnerabilities
Apache Tomcat 7.x Security Vulnerabilities
Apache Tomcat 9.x Security Vulnerabilities
Impact
ACE

XSS/CSS
Related products
Apache Tomcat
CVE-IDS
CVE-2019-0232 9.3 Critical
CVE-2019-0221 6.1 High