====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN168

_____________________________________________________________________

DATE                : 31/05/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Tomcat versions prior to
                                9.0.18, 8.5.40, 7.0.94.

=====================================================================
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201905.mbox/%3cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3e
_____________________________________________________________________

CVE-2019-0221 Apache Tomcat XSS in SSI printenv

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.17
Apache Tomcat 8.5.0 to 8.5.39
Apache Tomcat 7.0.0 to 7.0.93

Description:
The SSI printenv command echoes user provided data without escaping and
is, therefore, vulnerable to XSS. SSI is disabled by default. The
printenv command is intended for debugging and is unlikely to be present
in a production website.

Mitigation:
Users of affected versions should apply one of the following
mitigations:
- Disable SSI
- Upgrade to Apache Tomcat 9.0.18 or later
- Upgrade to Apache Tomcat 8.5.40 or later
- Upgrade to Apache Tomcat 7.0.94 or later

Credit:
This issue was identified by Nightwatch Cybersecurity Research and
reported to the Apache Tomcat security team via the bug bounty program
sponsored by the EU FOSSA-2 project.

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================