Lucene search
+L

CVE-2019-0221

🗓️ 28 May 2019 21:01:28Reported by apacheType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 784 Views🌐 WEB

CVE-2019-0221 Apache Tomcat XSS vulnerabilit

Related
Detection
Affected
Refs
Paths
Social
NVD
Vulners
Node
OR
apachetomcatRange7.0.07.0.93
apachetomcatRange8.5.08.5.39
apachetomcatRange9.0.19.0.17
apachetomcatMatch9.0.0milestone1
apachetomcatMatch9.0.0milestone10
apachetomcatMatch9.0.0milestone11
apachetomcatMatch9.0.0milestone12
apachetomcatMatch9.0.0milestone13
apachetomcatMatch9.0.0milestone14
apachetomcatMatch9.0.0milestone15
apachetomcatMatch9.0.0milestone16
apachetomcatMatch9.0.0milestone17
apachetomcatMatch9.0.0milestone18
apachetomcatMatch9.0.0milestone19
apachetomcatMatch9.0.0milestone2
apachetomcatMatch9.0.0milestone20
apachetomcatMatch9.0.0milestone21
apachetomcatMatch9.0.0milestone22
apachetomcatMatch9.0.0milestone23
apachetomcatMatch9.0.0milestone24
apachetomcatMatch9.0.0milestone25
apachetomcatMatch9.0.0milestone26
apachetomcatMatch9.0.0milestone27
apachetomcatMatch9.0.0milestone3
apachetomcatMatch9.0.0milestone4
apachetomcatMatch9.0.0milestone5
apachetomcatMatch9.0.0milestone6
apachetomcatMatch9.0.0milestone7
apachetomcatMatch9.0.0milestone8
apachetomcatMatch9.0.0milestone9
[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 9.0.0.M1 to 9.0.0.17"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.39"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.93"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
QUERY_STRING_UNESCAPEDpathssi/printenv.shtmlApache Tomcat SSI printenv directive echoes user-provided data without escaping, enabling XSS via the query string.CWE-79
QUERY_STRING_UNESCAPEDpathprintenv.shtmlApache Tomcat SSI printenv directive echoes user-provided data without escaping, enabling XSS via the query string.CWE-79

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:08Current
6.8Medium risk
Vulners AI Score6.8
CVSS 24.3
CVSS 36.1
EPSS0.45571
784