CVE Number – CVE-2019-0232
A vulnerability in the CGI Servlet of Apache Tomcat could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.The vulnerability occurs when enableCmdLineArguments is enabled on a Windows system and the Java Runtime Environment (JRE) passes command-line arguments to the system. An attacker could exploit this vulnerability by passing command-line arguments to the affected system. A successful exploit could allow the attacker to execute code on the targeted system.The Apache Software Foundation has issued confirmed this vulnerability however updates are not available.
- To exploit this vulnerability, the attacker must pass command-line JRE arguments to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
- Administrators are advised to check the vendor for future updates.Administrators are advised to allow only trusted users to have network access.Administrators are advised to monitor critical systems.
- The Apache Software Foundation has issued a security notice at the following link: Apache Tomcat Remote Code Execution on Windows
- At the time this alert was first published, the Apache Software Foundation had not released software updates.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.