Apache Releases Security Updates for Apache Tomcat (April 14, 2019)

Ref# Apache | Date: May 10th 2019

Description

The Apache Software Foundation has released security updates to address vulnerabilities in Tomcat versions 7.0.94, 8.5.40, and 9.0.19. It is recommended that you take the necessary precautions by ensuring your Apache software is always updated.

Severity: Important

CVE-2019-0232 Apache Tomcat Remote Code Execution on Windows

Affected versions: Apache Tomcat 9.0.0.M1 to 9.0.17, Apache Tomcat 8.5.0 to 8.5.39, Apache Tomcat 7.0.0 to 7.0.93.

Mitigations: Users of the affected versions are asked to apply one of the following mitigations:

  • Ensure the CGI Servlet initialisation parameter enableCmdLineArguments is set to false   
  • Upgrade to Apache Tomcat 9.0.18 or later when released
  • Upgrade to Apache Tomcat 8.5.40 or later when released
  • Upgrade to Apache Tomcat 7.0.93 or later when released

For more information on the Apache Tomcat updates, follow this URL:

http://mail-archives.us.apache.org/mod_mbox/www-announce/201904.mbox/%3C13d878ec-5d49-c348-48d4-25a6c81b9605%40apache.org%3E

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

Reference

  Apache Releases Security Updates for Apache Tomcat (US-CERT)

https://www.us-cert.gov/ncas/current-activity/2019/04/14/Apache-Releases-Security-Updates-Apache-Tomcat