Lucene search

GitHub Advisory DatabaseGHSA-JJPQ-GP5Q-8Q6W

HistoryMay 30, 2019 - 3:30 a.m.

Cross-site scripting in Apache Tomcat

2019-05-3003:30:42

CWE-79

GitHub Advisory Database

github.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.011

Percentile

84.5%

JSON

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Affected configurations

Vulners

Node

org.apache.tomcat.embedtomcat-embed-coreRange7.0.0–7.0.94

org.apache.tomcat.embedtomcat-embed-coreRange8.0.0–8.5.40

org.apache.tomcat.embedtomcat-embed-coreRange9.0.0–9.0.17

VendorProductVersionCPE
org.apache.tomcat.embedtomcat-embed-core*cpe:2.3:a:org.apache.tomcat.embed:tomcat-embed-core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.apache.tomcat.embed	tomcat-embed-core	*	cpe:2.3:a:org.apache.tomcat.embed:tomcat-embed-core::::::::

References

lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html

lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html

packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2019/May/50

access.redhat.com/errata/RHSA-2019:3929

access.redhat.com/errata/RHSA-2019:3931

github.com/advisories/GHSA-jjpq-gp5q-8q6w

github.com/apache/tomcat/commit/15fcd166ea2c1bb79e8541b8e1a43da9c452ceea

github.com/apache/tomcat/commit/44ec74c44dcd05cd7e90967c04d40b51440ecd7e

github.com/apache/tomcat/commit/4fcdf706f3ecf35912a600242f89637f5acb32da

lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E

lists.debian.org/debian-lts-announce/2019/05/msg00044.html

lists.debian.org/debian-lts-announce/2019/08/msg00015.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46

lists.fedoraproject.org/archives/list/[email protected]/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3

lists.fedoraproject.org/archives/list/[email protected]/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46

nvd.nist.gov/vuln/detail/CVE-2019-0221

seclists.org/bugtraq/2019/Dec/43

security.gentoo.org/glsa/202003-43

security.netapp.com/advisory/ntap-20190606-0001

support.f5.com/csp/article/K13184144?utm_source=f5support&amp%3Butm_medium=RSS

support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

tomcat.apache.org/security-9.html

usn.ubuntu.com/4128-1

usn.ubuntu.com/4128-2

web.archive.org/web/20200227055048/www.securityfocus.com/bid/108545

www.debian.org/security/2019/dsa-4596

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2020.html

wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.011

Percentile

84.5%

JSON

Related for GHSA-JJPQ-GP5Q-8Q6W