CVE-2019-0221
MEDIUM NUCLEIApache Tomcat 7.0.0-7.0.93 and 8.5.0-8.5.39 and 9.0.0.M1-9.0.0.17 - Cross-Site Scripting via SSI printenv Command
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-0221. PoCs published by Central InfoSec. A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Apache Tomcat due to improper escaping in the SSI printenv directive. The PoC requires SSI support to be enabled and a specific file with the printenv directive to be accessible.
Description
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
Exploits (1)
exploitdb
WORKING POC
by Central InfoSec · textwebappsmultiple
https://www.exploit-db.com/exploits/50119
This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Apache Tomcat due to improper escaping in the SSI printenv directive. The PoC requires SSI support to be enabled and a specific file with the printenv directive to be accessible.
Classification
Working Poc 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target:
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93
No auth needed
Prerequisites:
SSI support enabled · Accessible file with printenv SSI directive
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Nuclei Templates (1)
Apache Tomcat - Cross-Site Scripting
MEDIUMby pikpikcu
Shodan:
title:"Apache Tomcat" || http.title:"apache tomcat" || http.html:"apache tomcat" || cpe:"cpe:2.3:a:apache:tomcat"
FOFA:
body="apache tomcat" || title="apache tomcat"
References (29)
Core 29
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/May/50
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108545
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4128-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4128-2/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3929
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3931
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4596
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/43
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202003-43
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Mailing List x_refsource_confirm
https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c%40%3Cannounce.tomcat.apache.org%3E
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190606-0001/
Various Sources x_refsource_misc
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K13184144?utm_source=f5support&%3Butm_medium=RSS
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html
Scores
CVSS v3
6.1
EPSS
0.1448
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
apache/tomcat
9.0.0 milestone1 (27 CPE variants)
apache/tomcat
7.0.0 - 7.0.93
org.apache.tomcat.embed/tomcat-embed-core
9.0.0 - 9.0.17Maven
Published
May 28, 2019
Tracked Since
Feb 18, 2026