Bug#929895: tomcat9: CVE-2019-0221
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 2 20:21:34 BST 2019
Source: tomcat9
Version: 9.0.16-3
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for tomcat9.
CVE-2019-0221[0]:
| The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0
| to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without
| escaping and is, therefore, vulnerable to XSS. SSI is disabled by
| default. The printenv command is intended for debugging and is
| unlikely to be present in a production website.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list