Source: tomcat9
Version: 9.0.16-3
Severity: normal
Tags: security upstream

Hi,

The following vulnerability was published for tomcat9.

CVE-2019-0221[0]:
| The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0
| to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without
| escaping and is, therefore, vulnerable to XSS. SSI is disabled by
| default. The printenv command is intended for debugging and is
| unlikely to be present in a production website.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-0221
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.
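
An audit check for the two preconditions the advisory names (SSI enabled, and a printenv directive present in served content), added here as an example; it is not part of the original report and is not Tomcat or Debian tooling. The function names and sample inputs are constructed for illustration, the SSI class names are Tomcat's own, and the installed Tomcat version is not checked.

```python
import re
import xml.etree.ElementTree as ET

# Class names of Tomcat's SSI servlet and filter (commented out in the stock conf/web.xml).
SSI_CLASSES = {"org.apache.catalina.ssi.SSIServlet", "org.apache.catalina.ssi.SSIFilter"}
# SSI directive syntax is <!--#printenv -->; matched case-insensitively to err towards reporting.
PRINTENV = re.compile(r"<!--#printenv\b", re.IGNORECASE)

def ssi_enabled(web_xml_text):
    """Return the SSI classes that are active (not inside XML comments) in a web.xml."""
    root = ET.fromstring(web_xml_text)  # the parser drops XML comments
    found = set()
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
        text = (el.text or "").strip()
        if tag in ("servlet-class", "filter-class") and text in SSI_CLASSES:
            found.add(text)
    return sorted(found)

def find_printenv(files):
    """Return (name, line number) for every printenv directive in {name: text}."""
    hits = []
    for name, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            if PRINTENV.search(line):
                hits.append((name, lineno))
    return hits

def exposed(web_xml_text, files):
    """Both conditions from the advisory must hold: SSI on and printenv present."""
    return bool(ssi_enabled(web_xml_text)) and bool(find_printenv(files))

# Constructed sample input (not taken from any real deployment).
DEFAULT_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<!--
  <servlet><servlet-name>ssi</servlet-name>
  <servlet-class>org.apache.catalina.ssi.SSIServlet</servlet-class></servlet>
-->
</web-app>"""
ENABLED_XML = DEFAULT_XML.replace("<!--\n", "").replace("-->\n", "")
PAGES = {
    "index.shtml": "<html>\n<!--#echo var=\"DATE_LOCAL\" -->\n</html>",
    "debug.shtml": "<html>\n<pre>\n<!--#printenv -->\n</pre></html>",
}

if __name__ == "__main__":
    print(ssi_enabled(DEFAULT_XML), ssi_enabled(ENABLED_XML))
    print(find_printenv(PAGES), exposed(ENABLED_XML, PAGES))
```

Run it against both conf/web.xml and each application's WEB-INF/web.xml, since SSI can be enabled in either.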
