#VU18638 Cross-site scripting


Published: 2021-11-25

Vulnerability identifier: #VU18638

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-0221

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the SSI printenv command when parsing the URI. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Example:

http://[host]/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E
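
Requests of the form shown above leave a recognizable trace in web server access logs. The following is an added example, not part of the original advisory or of Apache Tomcat: it flags requests to SSI pages whose decoded query string contains HTML markup characters. The common log format, the `.shtml` suffix list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request part of a common-log-format line: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Characters needed to open an HTML tag or break out of an attribute value
MARKUP_RE = re.compile(r'[<>"\']')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so markup encoded more than once is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_ssi_requests(lines, ssi_suffixes=(".shtml",)):
    """Return (path, decoded_query, status) for SSI requests whose query carries markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith(ssi_suffixes):
            continue  # only SSI pages are relevant to this issue
        query = decode_fully(parts.query)
        if MARKUP_RE.search(query):
            hits.append((parts.path, query, int(m.group("status"))))
    return hits


# Constructed sample log lines (hypothetical, not taken from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Nov/2021:10:00:02 +0000] "GET /printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.12 - - [25/Nov/2021:10:00:03 +0000] "GET /printenv.shtml?lang=en HTTP/1.1" 200 1990',
    '192.0.2.13 - - [25/Nov/2021:10:00:04 +0000] "GET /status.shtml?%253Cb%253E HTTP/1.1" 200 300',
    '192.0.2.14 - - [25/Nov/2021:10:00:05 +0000] "GET /search.jsp?q=%3Cb%3E HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for path, query, status in suspicious_ssi_requests(SAMPLE_LOG):
        print(f"{status} {path} ?{query}")
```

A hit only shows that markup was sent to an SSI page; whether it was reflected depends on the installed Tomcat version listed under "Vulnerable software versions".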

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Apache Tomcat: 9.0.0-M1 - 9.0.16, 8.5.0 - 8.5.38, 8.0.0 - 8.0.52, 7.0.0 - 7.0.91


CPE

External links
http://seclists.org/fulldisclosure/2019/May/50
http://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.19
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.40
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.94

