Due to a vulnerability detailed in CVE-2019-0232, users and admins are advised to update the following Apache Tomcat versions. The update addresses a remote code execution vulnerability on Windows, whereby a remote attacker could take control of an affected system. Specific mitigation steps can be found below.
Versions Affected:
- Apache Tomcat 9.0.0.M1 to 9.0.17
- Apache Tomcat 8.5.0 to 8.5.39
- Apache Tomcat 7.0.0 to 7.0.93
Mitigation:
Users of affected versions should apply one of the following mitigations:
- Ensure the CGI Servlet initialisation parameter enableCmdLineArguments is set to false
- Upgrade to Apache Tomcat 9.0.18 or later
- Upgrade to Apache Tomcat 8.5.40 or later
- Upgrade to Apache Tomcat 7.0.93 or later