Remote Code Execution in Apache Tomcat on Windows
CVE-2019-0232

8.1HIGH

Key Information:

Vendor
Apache
Status
Tomcat
Vendor
CVE Published:
15 April 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%

Summary

A vulnerability exists in the CGI Servlet of Apache Tomcat when configured with enableCmdLineArguments on Windows. This flaw allows an attacker to execute arbitrary code remotely due to improper handling of command line arguments passed from the Java Runtime Environment (JRE). Although the CGI Servlet is disabled by default, configurations enabling command line arguments could expose systems to exploitation. Users are advised to ensure secure configurations and update to patched versions to mitigate risks.

Affected Version(s)

Tomcat 9.0.0.M1 to 9.0.17

Tomcat 8.5.0 to 8.5.39

Tomcat 7.0.0 to 7.0.93

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-0232
Created by pyn3rd

CVE-2019-0232
Created by jas502n

CVE-2019-0232
Created by setrus

References

https://lists.apache.org/thread.html/5f297a4b9080b5f65a05...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/673b6148d92cd7bc99ea...
mailing-listx_refsource_MLIST

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.