Lucene search
+L

CVE-2019-0232

🗓️ 15 Apr 2019 14:23:52Reported by apacheType 
cve
 cve
🔗 web.nvd.nist.gov👁 1513 Views🌐 WEB

Apache Tomcat 9.0.0.M1 to 9.0.17 Remote Code Execution CVE-2019-023

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
AND
OR
apachetomcatRange7.0.07.0.93
apachetomcatRange8.5.08.5.39
apachetomcatRange9.0.19.0.17
apachetomcatMatch9.0.0milestone1
apachetomcatMatch9.0.0milestone10
apachetomcatMatch9.0.0milestone11
apachetomcatMatch9.0.0milestone12
apachetomcatMatch9.0.0milestone13
apachetomcatMatch9.0.0milestone14
apachetomcatMatch9.0.0milestone15
apachetomcatMatch9.0.0milestone16
apachetomcatMatch9.0.0milestone17
apachetomcatMatch9.0.0milestone18
apachetomcatMatch9.0.0milestone19
apachetomcatMatch9.0.0milestone2
apachetomcatMatch9.0.0milestone20
apachetomcatMatch9.0.0milestone21
apachetomcatMatch9.0.0milestone22
apachetomcatMatch9.0.0milestone23
apachetomcatMatch9.0.0milestone24
apachetomcatMatch9.0.0milestone25
apachetomcatMatch9.0.0milestone26
apachetomcatMatch9.0.0milestone3
apachetomcatMatch9.0.0milestone4
apachetomcatMatch9.0.0milestone5
apachetomcatMatch9.0.0milestone6
apachetomcatMatch9.0.0milestone7
apachetomcatMatch9.0.0milestone8
apachetomcatMatch9.0.0milestone9
[
  {
    "product": "Tomcat",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.M1 to 9.0.17"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.39"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.93"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
dirquery paramcgi/ism.batCGI batch file endpoint vulnerable when enableCmdLineArguments is true; allows command execution via crafted query parameter.CWE-78
%26whoamiquery paramcgi-bin/cmd.batCGI batch script endpoint vulnerable to command injection via URL-encoded & separator in the query string.CWE-78
echoquery paramcgi-bin/printenv.batCGI batch test endpoint vulnerable to RCE through crafted query string on Windows with CGI enabled.CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation