The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-05-28T21:01:28
Updated: 2024-08-04T17:44:15.953Z
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0221
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-28T22:29:00.563
Modified: 2024-11-21T04:16:31.373
Link: CVE-2019-0221
Redhat