CVE-2019-0232

HIGH EXPLOITED NUCLEI

Apache Tomcat < 7.0.93 - OS Command Injection

Title source: rule

Description

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).

Exploits (16)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/47073

View Code ZIP pw:eip

nomisec WORKING POC 189 stars

by pyn3rd · remote

https://github.com/pyn3rd/CVE-2019-0232

View Code ZIP pw:eip

nomisec WORKING POC 80 stars

by jas502n · remote

https://github.com/jas502n/CVE-2019-0232

View Code ZIP pw:eip

nomisec WORKING POC 22 stars

by jaiguptanick · remote

https://github.com/jaiguptanick/CVE-2019-0232

View Code ZIP pw:eip

nomisec WRITEUP 20 stars

by setrus · poc

https://github.com/setrus/CVE-2019-0232

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by cyy95 · poc

https://github.com/cyy95/CVE-2019-0232-EXP

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Jorge2Rubio · remote

https://github.com/Jorge2Rubio/CVE-2019-0232

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Dharan10 · remote

https://github.com/Dharan10/CVE-2019-0232

View Code ZIP pw:eip

github WORKING POC 1 stars

by Shockp · pythonpoc

https://github.com/Shockp/CVE-Exploits/tree/main/CVE-2019-0232 (Tomcat cgi)

View Code ZIP pw:eip

nomisec NO CODE 1 stars

by Nicoslo · poc

https://github.com/Nicoslo/Windows-Exploitation-Web-Server-Tomcat-8.5.39-CVE-2019-0232

View Code ZIP pw:eip

nomisec NO CODE 1 stars

by Nicoslo · poc

https://github.com/Nicoslo/Windows-exploitation-Apache-Tomcat-8.5.19-CVE-2019-0232-

View Code ZIP pw:eip

nomisec WORKING POC

by r4vl1t0 · remote

https://github.com/r4vl1t0/CVE-2019-0232

View Code ZIP pw:eip

nomisec WORKING POC

by x3m1Sec · remote

https://github.com/x3m1Sec/CVE-2019-0232_tomcat_cgi_exploit

View Code ZIP pw:eip

nomisec WORKING POC

by xsxtw · poc

https://github.com/xsxtw/CVE-2019-0232

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/iumiro/CVE-2019-0232

View on vulncheck_xdb

metasploit WORKING POC EXCELLENT

by Yakov Shafranovich, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/tomcat_cgi_cmdlineargs.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution

HIGHby DhiyaneshDk

Shodan:

http.html:"apache tomcat" || http.title:"apache tomcat" || http.html:"jk status manager" || cpe:"cpe:2.3:a:apache:tomcat"

FOFA: body="jk status manager" || body="apache tomcat" || title="apache tomcat"

References (32)

[Mailing List] http://seclists.org/fulldisclosure/2019/May/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107906

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:1712

[Various Sources] https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/

[Third Party Advisory] https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20190419-0001/

[Third Party Advisory] https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/

[Technical Description] https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Various Sources] https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/

[Vendor Advisory] https://www.synology.com/security/advisory/Synology_SA_19_17

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujan2020.html

[Vendor Advisory] https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

[Vendor Advisory] https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html

[Mailing List] https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac%40%3Ccommits.ofbiz.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767%40%3Cannounce.tomcat.apache.org%3E

... and 12 more

Scores

CVSS v3 8.1

EPSS 0.9405

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12

CWE

CWE-78

Status published

Products (3)

apache/tomcat 9.0.0 milestone1 (26 CPE variants)

apache/tomcat 7.0.0 - 7.0.93

org.apache.tomcat.embed/tomcat-embed-core 9.0.0.M1 - 9.0.17Maven

Published Apr 15, 2019

Tracked Since Feb 18, 2026