Skip to content

Home
Apache Tomcat Patches Remote Code Execution Vulnerability
Tuesday, 16 April 2019 09:00

A remote code execution vulnerability was discovered in Apache Tomcat. When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows (The CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x.). It is advised to set the CGI Servlet initialisation parameter enableCmdLineArguments to false to upgrade Apache Tomcat to the unaffected version.

 
[YOUR IP: 100.24.209.47: 38802] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...