{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-0232",
        "ASSIGNER": "security@apache.org",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Apache",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Tomcat",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "9.0.0.M1 to 9.0.17"
                                        },
                                        {
                                            "version_value": "8.5.0 to 8.5.39"
                                        },
                                        {
                                            "version_value": "7.0.0 to 7.0.93"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Remote Code Execution"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MLIST",
                "name": "[tomcat-users] 20190410 [SECURITY] CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows",
                "url": "https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767@%3Cannounce.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ofbiz-commits] 20190415 svn commit: r1857587 - in /ofbiz: ofbiz-framework/branches/release18.12/build.gradle ofbiz-plugins/branches/release18.12/example/build.gradle",
                "url": "https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ofbiz-commits] 20190415 svn commit: r1857586 - in /ofbiz: ofbiz-framework/trunk/build.gradle ofbiz-plugins/trunk/example/build.gradle",
                "url": "https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ofbiz-commits] 20190415 svn commit: r1857588 - in /ofbiz: ofbiz-framework/branches/release17.12/build.gradle ofbiz-plugins/branches/release17.12/example/build.gradle",
                "url": "https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac@%3Ccommits.ofbiz.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ofbiz-notifications] 20190415 [jira] [Commented] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232",
                "url": "https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[ofbiz-notifications] 20190415 [jira] [Closed] (OFBIZ-10920) Update Tomcat to 9.0.18 due to CVE-2019-0232",
                "url": "https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3@%3Cnotifications.ofbiz.apache.org%3E"
            },
            {
                "refsource": "BID",
                "name": "107906",
                "url": "http://www.securityfocus.com/bid/107906"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20190421 svn commit: r1857901 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
                "url": "https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "FULLDISC",
                "name": "20190504 RCE in CGI Servlet - Apache Tomcat on Windows - CVE-2019-0232",
                "url": "http://seclists.org/fulldisclosure/2019/May/4"
            },
            {
                "refsource": "REDHAT",
                "name": "RHSA-2019:1712",
                "url": "https://access.redhat.com/errata/RHSA-2019:1712"
            },
            {
                "refsource": "MLIST",
                "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
                "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
                "refsource": "MISC",
                "name": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html",
                "url": "https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html"
            },
            {
                "refsource": "MISC",
                "name": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/",
                "url": "https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://www.synology.com/security/advisory/Synology_SA_19_17",
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_17"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://security.netapp.com/advisory/ntap-20190419-0001/",
                "url": "https://security.netapp.com/advisory/ntap-20190419-0001/"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784",
                "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784"
            },
            {
                "refsource": "MISC",
                "name": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/",
                "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/"
            },
            {
                "refsource": "MISC",
                "name": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/",
                "url": "https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/"
            },
            {
                "refsource": "MISC",
                "name": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html",
                "url": "http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)."
            }
        ]
    }
}