Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-0221

Опубликовано: 28 мая 2019
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

released

7.0.78-1ubuntu0.1~esm1
esm-apps/xenial

released

7.0.68-1ubuntu0.4+esm2
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.16+esm1
esm-infra/focal

DNE

focal

DNE

Показывать по

РелизСтатусПримечание
bionic

released

8.5.39-1ubuntu1~18.04.3
cosmic

ignored

end of life
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

released

8.5.39-1ubuntu1~18.04.3
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1.10
focal

DNE

Показывать по

РелизСтатусПримечание
bionic

released

9.0.16-3ubuntu0.18.04.1
cosmic

ignored

end of life
devel

not-affected

9.0.16-4
disco

released

9.0.16-3ubuntu0.19.04.1
eoan

not-affected

9.0.16-4
esm-apps/bionic

released

9.0.16-3ubuntu0.18.04.1
esm-apps/focal

not-affected

9.0.16-4
esm-apps/jammy

not-affected

9.0.16-4
esm-apps/noble

not-affected

9.0.16-4
esm-infra-legacy/trusty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 92%
0.09193
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-0221

CVSS3: 5
redhat
около 6 лет назад

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

nvd логотип

CVE-2019-0221

CVSS3: 6.1
nvd
около 6 лет назад

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

debian логотип

CVE-2019-0221

CVSS3: 6.1
debian
около 6 лет назад

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...

github логотип

GHSA-jjpq-gp5q-8q6w

CVSS3: 6.1
github
около 6 лет назад

Cross-site scripting in Apache Tomcat

fstec логотип

BDU:2020-01021

CVSS3: 6.1
fstec
около 6 лет назад

Уязвимость команды printenv сервера приложений Apache Tomcat, позволяющая нарушителю осуществить межсайтовую сценарную атаку

EPSS

Процентиль: 92%
0.09193
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3