exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2019-0221

Status Candidate

Overview

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Related Files

Gentoo Linux Security Advisory 202003-43
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-43 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to arbitrary code execution. Versions less than 8.5.51 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-0221, CVE-2019-12418, CVE-2019-17563, CVE-2020-1938
MD5 | 0706e45ff179a253dcaf250f869f7c9e
Red Hat Security Advisory 2020-0861-01
Posted Mar 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0861-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, web, xss
systems | linux, redhat
advisories | CVE-2019-0221, CVE-2019-12418, CVE-2019-17563, CVE-2020-1938
MD5 | ce03caf269541673addd5abe38bc256a
Red Hat Security Advisory 2020-0860-01
Posted Mar 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0860-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 8 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, web, xss
systems | linux, redhat
advisories | CVE-2019-0221, CVE-2019-12418, CVE-2019-17563, CVE-2020-1938
MD5 | 6ba3b558d781a2b1987bc3aaaa7ddf4a
Debian Security Advisory 4596-1
Posted Dec 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221, CVE-2019-12418, CVE-2019-17563
MD5 | 09c17e7ab1b3a837f06eaa360ec8f557
Red Hat Security Advisory 2019-3929-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, web, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
MD5 | 1eeabab6776647e0fba3cdda4fbc7760
Red Hat Security Advisory 2019-3931-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
MD5 | 2f30e18d2b9c86f33e0790d3461ef690
Ubuntu Security Notice USN-4128-2
Posted Sep 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4128-2 - It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-0221, CVE-2019-10072
MD5 | 0a22d2b7cc035c57d90e5de24b7d1228
Ubuntu Security Notice USN-4128-1
Posted Sep 10, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4128-1 - It was discovered that the Tomcat 8 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat 8 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-0221, CVE-2019-10072
MD5 | d66bc42f245d87347d37c986216e08a0
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close