April 15, 2019 By Pierluigi Paganini
The Apache Software Foundation has released new versions of the Tomcat application server that address an important remote code execution vulnerability.
The new versions of the Tomcat application server address an important remote code execution vulnerability that could be exploited by a remote attacker to execute malicious code and take control of a vulnerable server.
The remote code execution vulnerability, tracked as CVE-2019-0232, resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled. The flaw ties the way the Java Runtime Environment (JRE) passes command line arguments to Windows.
Full Article.
