suse · CVE-2019-0221

Quick triage

Priority: medium Published: 2021-05-30 14:21:05 UTC Updated: 2026-03-05 06:31:33 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-0221 severity moderate: SUSE including 353 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 548 product×package rows across 34 product lines (HPE Helion OpenStack 8, SUSE Enterprise Storage 5, … (34 product lines)): Fixed 310, Known Affected 231, Known Not Affected 7.

Description:

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.

cvelogic Threat Intelligence