DEBIAN-CVE-2019-0221

DEBIAN-CVE-2019-0221 PUBLISHED CVSS 6.099999904632568 MEDIUM

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

Risk Scores

CVSS 3.0

6.099999904632568

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	tomcat9	0, 0, 0
Debian:11	tomcat9	0, 0, 0
Debian:12	tomcat9	0, 0, 0
Debian:13	tomcat9	0, 0, 0

Exploit Intelligence

Nuclei Template: CVE-2019-0221 (nuclei-template)

Timeline

May 28, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-0221 advisory

Open in Interactive Console →