#VU18638 Cross-site scripting in Apache Tomcat - CVE-2019-0221
Published: May 30, 2019 / Updated: November 25, 2021
Apache Tomcat
Apache Foundation
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the SSI printenv command when parsing the URI. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Example:
http://[host]/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E
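As an added example (not part of the original advisory and not Tomcat's code), the Python sketch below scans access-log lines for requests shaped like the one above: a hit on an SSI page whose query string decodes to HTML markup. The Common Log Format layout, the `.shtml` suffix filter, the `/status.shtml` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL" (assumed layout)
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']')  # characters that matter when a value is echoed into HTML


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_ssi_requests(log_lines, ssi_suffixes=(".shtml",)):
    """Return (line_number, path, decoded_query) for SSI page hits carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP line
        parts = urlsplit(match.group("target"))
        if not parts.path.lower().endswith(ssi_suffixes):
            continue  # only pages served by the SSI handler are of interest here
        query = fully_decode(parts.query)
        if MARKUP_RE.search(query):
            hits.append((number, parts.path, query))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2019:10:00:01 +0000] "GET /index.jsp?id=7 HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/May/2019:10:00:02 +0000] "GET /printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.12 - - [30/May/2019:10:00:03 +0000] "GET /printenv.shtml?lang=en HTTP/1.1" 200 2011',
    '192.0.2.13 - - [30/May/2019:10:00:04 +0000] "GET /status.shtml?q=%253Cb%253E HTTP/1.1" 200 1990',
]

if __name__ == "__main__":
    for number, path, query in suspicious_ssi_requests(SAMPLE_LOG):
        print(f"line {number}: {path} query={query!r}")
```

A hit marks a request worth reviewing; it does not by itself show that the response reflected the markup.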
Remediation
External links
- http://seclists.org/fulldisclosure/2019/May/50
- https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
- http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.19
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.40
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.94