FortiClient Vulnerability

Apache Tomcat CVE-2019-0232 Command Injection Vulnerability

Description

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange\'s blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).

Affected Applications

Apache Tomcat

CVE References

CVE-2019-0232

Other References

http://tomcat.apache.org/security.html

ID	70301
Created	Jan 12, 2022
Description Updated	Dec 14, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Apache
Patch	manual
Application	Apache Tomcat

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Apache Tomcat CVE-2019-0232 Command Injection Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Apache Tomcat CVE-2019-0232 Command Injection Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center