Home

CVE-2019-0232

Description

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftanges blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.22

Associated Vulnerability

VulnerabilityOS Platform
Update Apache Tomcat to version 9.0.19Windows
Update Apache Tomcat to version 8.5.40Windows
Update Apache Tomcat to version 7.0.94Windows
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core 9.0.17Windows
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core 8.5.40Windows
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core 7.0.94Windows
Update Apache Tomcat to version 9.0.19 (For Linux)Linux
Update Apache Tomcat to version 8.5.40 (For Linux)Linux
Update Apache Tomcat to version 7.0.94 (For Linux)Linux
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core for Linux 9.0.17Linux
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core for Linux 8.5.40Linux
Vulnerabilities CVE-2019-0221,CVE-2019-0232 are fixed in Apache - tomcat-embed-core for Linux 7.0.94Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234