admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-02xx/CVE-2019-0221.json
cad-safe-bot b47d02a333 Auto-Update: 2023-11-07T21:02:52.274489+00:00
2023-11-07 21:03:21 +00:00

367 lines
13 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-0221",
"sourceIdentifier": "security@apache.org",
"published": "2019-05-28T22:29:00.563",
"lastModified": "2023-11-07T03:01:52.150",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website."
},
{
"lang": "es",
"value": "El comando printenv de SSI en Apache Tomcat versi\u00f3n 9.0.0.M1 hasta 9.0.0.17, versi\u00f3n 8.5.0 hasta 8.5.39 y versi\u00f3n 7.0.0 hasta 7.0.93, hace eco de los datos suministrados por el usuario sin escapar, y en consecuencia, es vulnerable a XSS. SSI est\u00e1 deshabilitado por defecto. El comando printenv est\u00e1 destinado a la depuraci\u00f3n y es poco probable que est\u00e9 presente en un sitio web de producci\u00f3n."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndIncluding": "7.0.93",
"matchCriteriaId": "91627C43-9E36-447C-AC2B-A63F1CDB29C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.5.0",
"versionEndIncluding": "8.5.39",
"matchCriteriaId": "4064056C-7B06-49BA-A4D2-0C228060B116"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.1",
"versionEndIncluding": "9.0.17",
"matchCriteriaId": "4A70BBA8-1F21-4CD6-822A-17ECC4710065"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "34EB147F-4D0B-49D5-95DB-ED36F6ECA517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*",
"matchCriteriaId": "E6A52BDB-1384-470D-9A45-2A5A3F6A9795"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*",
"matchCriteriaId": "50820930-F6F0-4BDC-90A5-CC54592A7970"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*",
"matchCriteriaId": "3A401718-6009-4BAB-AE21-D8CDC11BA28A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*",
"matchCriteriaId": "87C93F0D-3C87-4E53-9426-4E442279A616"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*",
"matchCriteriaId": "D386FA01-80C5-44FA-8B4D-9A4321575929"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*",
"matchCriteriaId": "A7084406-5F98-407C-AB0C-8FB49090DB84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*",
"matchCriteriaId": "23D299BF-CF9D-47AC-BFE3-EB8FB6ED85A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*",
"matchCriteriaId": "458707DD-0813-46A2-AF43-99E51001A252"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*",
"matchCriteriaId": "FFD72BFB-A4BF-4AA3-A116-E03682FD6A3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*",
"matchCriteriaId": "5607C05A-3A02-4ECD-9485-3106D94C6017"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*",
"matchCriteriaId": "E99E2479-0701-45F8-A2E3-032FBECCE704"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*",
"matchCriteriaId": "4FF53C5D-BE39-4A82-81A9-B754FBAE8974"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*",
"matchCriteriaId": "6F1932C7-0D7C-4D0C-A0F7-BD4E78AAC9B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*",
"matchCriteriaId": "A0E9EE78-020F-4EA3-BEC7-254571686559"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*",
"matchCriteriaId": "5DF108E2-BBBA-41F4-B51F-E2DD56C4974E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*",
"matchCriteriaId": "CE6B8ED0-01E6-4382-B1D9-DD00121EB656"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*",
"matchCriteriaId": "99D7925D-A541-4AD8-B558-ED29000A4249"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*",
"matchCriteriaId": "65338975-C706-45E1-BE75-D59192D8A9F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*",
"matchCriteriaId": "C4B76DFF-28CF-4FDC-9630-10EAE800525F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*",
"matchCriteriaId": "01633F5D-3C81-41B0-84B5-4EF5F58C50C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*",
"matchCriteriaId": "0A9F84CF-504C-4265-8DB3-1F108B7C3BFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*",
"matchCriteriaId": "A8A9EBAD-79A9-4774-B2AA-7A45B36B5E63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*",
"matchCriteriaId": "B4BD6F87-A60C-40DA-BDFB-8E7A7448F37E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*",
"matchCriteriaId": "4C828DCE-1C17-48B3-89F2-A461E00C9211"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*",
"matchCriteriaId": "6930A67B-C0D8-4CB0-BCC8-5F8448C60651"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*",
"matchCriteriaId": "C3D53D09-BDDC-4282-B7C7-34CC82476FDE"
}
]
}
]
}
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html",
"source": "security@apache.org"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html",
"source": "security@apache.org"
},
{
"url": "http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html",
"source": "security@apache.org"
},
{
"url": "http://seclists.org/fulldisclosure/2019/May/50",
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/108545",
"source": "security@apache.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3929",
"source": "security@apache.org"
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3931",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html",
"source": "security@apache.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html",
"source": "security@apache.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/",
"source": "security@apache.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/",
"source": "security@apache.org"
},
{
"url": "https://seclists.org/bugtraq/2019/Dec/43",
"source": "security@apache.org"
},
{
"url": "https://security.gentoo.org/glsa/202003-43",
"source": "security@apache.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190606-0001/",
"source": "security@apache.org"
},
{
"url": "https://support.f5.com/csp/article/K13184144?utm_source=f5support&amp%3Butm_medium=RSS",
"source": "security@apache.org"
},
{
"url": "https://usn.ubuntu.com/4128-1/",
"source": "security@apache.org"
},
{
"url": "https://usn.ubuntu.com/4128-2/",
"source": "security@apache.org"
},
{
"url": "https://www.debian.org/security/2019/dsa-4596",
"source": "security@apache.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"source": "security@apache.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"source": "security@apache.org"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2020.html",
"source": "security@apache.org"
},
{
"url": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/",
"source": "security@apache.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink