Security Update Available for Apache Tomcat

Due to a vulnerability detailed in CVE-2019-0232, users and admins are advised to update the following Apache Tomcat versions. The update addresses a remote code execution vulnerability on Windows, whereby a remote attacker could take control of an affected system. Specific mitigation steps can be found below.

Versions Affected:

  • Apache Tomcat 9.0.0.M1 to 9.0.17
  • Apache Tomcat 8.5.0 to 8.5.39
  • Apache Tomcat 7.0.0 to 7.0.93


Users of affected versions should apply one of the following mitigations:

– Ensure the CGI Servlet initialisation parameter enableCmdLineArguments is set to false

– Upgrade to Apache Tomcat 9.0.18 or later 

– Upgrade to Apache Tomcat 8.5.40 or later 

– Upgrade to Apache Tomcat 7.0.93 or later