{"id":"CVE-2019-0232","details":"When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).","aliases":["GHSA-8vmx-qmch-mpqg"],"modified":"2026-04-02T01:26:35.047274Z","published":"2019-04-15T15:29:00.420Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/5f297a4b9080b5f65a05bc139596d0e437d6a539b25e31d29d028767%40%3Cannounce.tomcat.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/96849486813a95dfd542e1618b7923ca945508aaf4a4341f674d83e3%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a6c87a09a71162fd563ab1c4e70a08a103e0b7c199fc391f1c9c4c35%40%3Ccommits.ofbiz.apache.org%3E"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2019/May/4"},{"type":"WEB","url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/dd4b325cdb261183dbf5ce913c102920a8f09c26dae666a98309165b%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/52ffb9fbf661245386a83a661183d13f1de2e5779fa23837a08e02ac%40%3Ccommits.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/673b6148d92cd7bc99ea2dcf85ad75d57da44fc322d51f37fb529a2a%40%3Ccommits.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://wwws.nightwatchcybersecurity.com/2019/04/30/remote-code-execution-rce-in-cgi-servlet-apache-tomcat-on-windows-cve-2019-0232/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/f4d48b32ef2b6aa49c8830241a9475da5b46e451f964b291c7a0a715%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107906"},{"type":"ADVISORY","url":"https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1712"},{"type":"ADVISORY","url":"https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190419-0001/"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"type":"ADVISORY","url":"https://www.synology.com/security/advisory/Synology_SA_19_17"},{"type":"ADVISORY","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"type":"ARTICLE","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/"},{"type":"ARTICLE","url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-784"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"last_affected":"813426f377e0f26ed1e8b6bc70abad881bfa4409"},{"introduced":"e37b977db6f47e4380ad67114a49e8568951c953"},{"last_affected":"f481565d959dc5a5eae1576cc294774c8683b4dc"},{"introduced":"3c78e95e36268dfb76db1570f0cf49104fa6eabc"},{"last_affected":"25d7c99e8c44a41a08ba85ccaba3cfec6af9c801"},{"introduced":"0"},{"last_affected":"29b07def810d335012e738b22ab44d4e232b50d1"},{"introduced":"0"},{"last_affected":"10e04de1946981261a734507f4a6d953e2a206fe"},{"introduced":"0"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"introduced":"0"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"introduced":"0"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"introduced":"0"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"introduced":"0"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"introduced":"0"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"introduced":"0"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"introduced":"0"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e"},{"introduced":"0"},{"last_affected":"7dc5e29fe49850102261badf158752d6865311e4"},{"introduced":"0"},{"last_affected":"18b014d8691909be6153ae7db022a6c35f9c93ea"},{"introduced":"0"},{"last_affected":"600dc8ba5d9be7599d29bff83c342213d93b034e"},{"introduced":"0"},{"last_affected":"3bd48aab236e5bf0ed1644e9f0c588fd20e503ab"},{"introduced":"0"},{"last_affected":"642d3dd4d50ea1f03f9827962e4fc982a123bb78"},{"introduced":"0"},{"last_affected":"24566c02fb917a6ca1b6479a60971b0d8acd895c"},{"introduced":"0"},{"last_affected":"cac0e029dcced854eeca7444710e78e412dc2c2a"},{"introduced":"0"},{"last_affected":"c5efed313de1a181f4f9f98f5023117f3b911257"},{"introduced":"0"},{"last_affected":"ab04166fac59fcf9b3be3aab1c8b896842782d4c"},{"introduced":"0"},{"last_affected":"d1dc05e934e089ea8907998cf850760017a0ed82"},{"introduced":"0"},{"last_affected":"fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf"},{"introduced":"0"},{"last_affected":"c7b84102600d600bcc527560d9c4d10c3fd440ab"},{"introduced":"0"},{"last_affected":"d8ebf61e51b4455e3c226751e492a533f9002d48"},{"introduced":"0"},{"last_affected":"aba238718ac9b149d25feaa9a14ecad3b0e3a5e2"},{"introduced":"0"},{"last_affected":"fe854ab1f111396458d98fa2ab08c693ce9407e1"},{"introduced":"0"},{"last_affected":"45f8fd74cdb96490fab8709263a4d862f0d429cf"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"last_affected":"7.0.93"},{"introduced":"8.5.0"},{"last_affected":"8.5.39"},{"introduced":"9.0.1"},{"last_affected":"9.0.17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone1"},{"introduced":"0"},{"last_affected":"9.0.0-milestone10"},{"introduced":"0"},{"last_affected":"9.0.0-milestone11"},{"introduced":"0"},{"last_affected":"9.0.0-milestone12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone13"},{"introduced":"0"},{"last_affected":"9.0.0-milestone14"},{"introduced":"0"},{"last_affected":"9.0.0-milestone15"},{"introduced":"0"},{"last_affected":"9.0.0-milestone16"},{"introduced":"0"},{"last_affected":"9.0.0-milestone17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone18"},{"introduced":"0"},{"last_affected":"9.0.0-milestone19"},{"introduced":"0"},{"last_affected":"9.0.0-milestone2"},{"introduced":"0"},{"last_affected":"9.0.0-milestone20"},{"introduced":"0"},{"last_affected":"9.0.0-milestone21"},{"introduced":"0"},{"last_affected":"9.0.0-milestone22"},{"introduced":"0"},{"last_affected":"9.0.0-milestone23"},{"introduced":"0"},{"last_affected":"9.0.0-milestone24"},{"introduced":"0"},{"last_affected":"9.0.0-milestone25"},{"introduced":"0"},{"last_affected":"9.0.0-milestone26"},{"introduced":"0"},{"last_affected":"9.0.0-milestone3"},{"introduced":"0"},{"last_affected":"9.0.0-milestone4"},{"introduced":"0"},{"last_affected":"9.0.0-milestone5"},{"introduced":"0"},{"last_affected":"9.0.0-milestone6"},{"introduced":"0"},{"last_affected":"9.0.0-milestone7"},{"introduced":"0"},{"last_affected":"9.0.0-milestone8"},{"introduced":"0"},{"last_affected":"9.0.0-milestone9"}]}}],"versions":["10.0.0","10.0.0-M1","10.0.0-M10","10.0.0-M2","10.0.0-M3","10.0.0-M4","10.0.0-M5","10.0.0-M6","10.0.0-M7","10.0.0-M8","10.0.0-M9","10.0.0.0-M1","10.0.1","10.0.10","10.0.11","10.0.12","10.0.13","10.0.14","10.0.15","10.0.16","10.0.17","10.0.18","10.0.19","10.0.2","10.0.20","10.0.21","10.0.22","10.0.23","10.0.24","10.0.25","10.0.26","10.0.27","10.0.3","10.0.4","10.0.5","10.0.6","10.0.7","10.0.8","10.0.9","10.1.0","10.1.0-M1","10.1.0-M10","10.1.0-M11","10.1.0-M12","10.1.0-M13","10.1.0-M14","10.1.0-M15","10.1.0-M16","10.1.0-M17","10.1.0-M18","10.1.0-M19","10.1.0-M2","10.1.0-M20","10.1.0-M3","10.1.0-M4","10.1.0-M5","10.1.0-M6","10.1.0-M7","10.1.0-M8","10.1.0-M9","10.1.1","10.1.10","10.1.11","10.1.12","10.1.13","10.1.14","10.1.15","10.1.16","10.1.17","10.1.18","10.1.19","10.1.2","10.1.20","10.1.22","10.1.23","10.1.24","10.1.25","10.1.26","10.1.27","10.1.28","10.1.29","10.1.3","10.1.30","10.1.31","10.1.32","10.1.33","10.1.34","10.1.35","10.1.36","10.1.37","10.1.38","10.1.39","10.1.4","10.1.40","10.1.41","10.1.42","10.1.43","10.1.44","10.1.45","10.1.46","10.1.47","10.1.48","10.1.49","10.1.5","10.1.50","10.1.51","10.1.52","10.1.6","10.1.7","10.1.8","10.1.9","11.0.0","11.0.0-M1","11.0.0-M10","11.0.0-M11","11.0.0-M12","11.0.0-M13","11.0.0-M14","11.0.0-M15","11.0.0-M16","11.0.0-M17","11.0.0-M18","11.0.0-M19","11.0.0-M2","11.0.0-M20","11.0.0-M21","11.0.0-M22","11.0.0-M23","11.0.0-M24","11.0.0-M25","11.0.0-M26","11.0.0-M3","11.0.0-M4","11.0.0-M5","11.0.0-M6","11.0.0-M7","11.0.0-M8","11.0.0-M9","11.0.1","11.0.10","11.0.11","11.0.12","11.0.13","11.0.14","11.0.15","11.0.16","11.0.17","11.0.18","11.0.2","11.0.3","11.0.4","11.0.5","11.0.6","11.0.7","11.0.8","11.0.9","7.0.0","7.0.0-RC1","7.0.0-RC2","7.0.0-RC3","7.0.0-RC4","7.0.1","7.0.10","7.0.100","7.0.101","7.0.102","7.0.103","7.0.104","7.0.105","7.0.106","7.0.107","7.0.108","7.0.109","7.0.11","7.0.12","7.0.13","7.0.14","7.0.15","7.0.16","7.0.17","7.0.18","7.0.19","7.0.2","7.0.20","7.0.21","7.0.22","7.0.23","7.0.24","7.0.25","7.0.26","7.0.27","7.0.28","7.0.29","7.0.3","7.0.30","7.0.31","7.0.32","7.0.33","7.0.34","7.0.35","7.0.36","7.0.37","7.0.38","7.0.39","7.0.4","7.0.40","7.0.41","7.0.42","7.0.43","7.0.44","7.0.45","7.0.46","7.0.47","7.0.48","7.0.49","7.0.5","7.0.50","7.0.51","7.0.52","7.0.53","7.0.54","7.0.55","7.0.56","7.0.57","7.0.58","7.0.59","7.0.6","7.0.60","7.0.61","7.0.62","7.0.63","7.0.64","7.0.65","7.0.66","7.0.67","7.0.68","7.0.69","7.0.7","7.0.70","7.0.71","7.0.72","7.0.73","7.0.74","7.0.75","7.0.76","7.0.77","7.0.78","7.0.79","7.0.8","7.0.80","7.0.81","7.0.82","7.0.83","7.0.84","7.0.85","7.0.86","7.0.87","7.0.88","7.0.89","7.0.9","7.0.90","7.0.91","7.0.92","7.0.93","7.0.94","7.0.95","7.0.96","7.0.97","7.0.98","7.0.99","8.5.0","8.5.1","8.5.10","8.5.100","8.5.11","8.5.12","8.5.13","8.5.14","8.5.15","8.5.16","8.5.17","8.5.18","8.5.19","8.5.2","8.5.20","8.5.21","8.5.22","8.5.23","8.5.24","8.5.25","8.5.26","8.5.27","8.5.28","8.5.29","8.5.3","8.5.30","8.5.31","8.5.32","8.5.33","8.5.34","8.5.35","8.5.36","8.5.37","8.5.38","8.5.39","8.5.4","8.5.40","8.5.41","8.5.42","8.5.43","8.5.44","8.5.45","8.5.46","8.5.47","8.5.48","8.5.49","8.5.5","8.5.50","8.5.51","8.5.52","8.5.53","8.5.54","8.5.55","8.5.56","8.5.57","8.5.58","8.5.59","8.5.6","8.5.60","8.5.61","8.5.62","8.5.63","8.5.64","8.5.65","8.5.66","8.5.67","8.5.68","8.5.69","8.5.7","8.5.70","8.5.71","8.5.72","8.5.73","8.5.74","8.5.75","8.5.76","8.5.77","8.5.78","8.5.79","8.5.8","8.5.80","8.5.81","8.5.82","8.5.83","8.5.84","8.5.85","8.5.86","8.5.87","8.5.88","8.5.89","8.5.9","8.5.90","8.5.91","8.5.92","8.5.93","8.5.94","8.5.95","8.5.96","8.5.97","8.5.98","8.5.99","9.0.0","9.0.0-M1","9.0.0-M10","9.0.0-M11","9.0.0-M12","9.0.0-M13","9.0.0-M14","9.0.0-M15","9.0.0-M16","9.0.0-M17","9.0.0-M18","9.0.0-M19","9.0.0-M2","9.0.0-M20","9.0.0-M21","9.0.0-M22","9.0.0-M23","9.0.0-M24","9.0.0-M25","9.0.0-M26","9.0.0-M27","9.0.0-M3","9.0.0-M4","9.0.0-M5","9.0.0-M6","9.0.0-M7","9.0.0-M8","9.0.0-M9","9.0.1","9.0.10","9.0.100","9.0.101","9.0.102","9.0.103","9.0.104","9.0.105","9.0.106","9.0.107","9.0.108","9.0.109","9.0.11","9.0.110","9.0.111","9.0.112","9.0.113","9.0.114","9.0.115","9.0.12","9.0.13","9.0.14","9.0.15","9.0.16","9.0.17","9.0.18","9.0.19","9.0.2","9.0.20","9.0.21","9.0.22","9.0.23","9.0.24","9.0.25","9.0.26","9.0.27","9.0.28","9.0.29","9.0.3","9.0.30","9.0.31","9.0.32","9.0.33","9.0.34","9.0.35","9.0.36","9.0.37","9.0.38","9.0.39","9.0.4","9.0.40","9.0.41","9.0.42","9.0.43","9.0.44","9.0.45","9.0.46","9.0.47","9.0.48","9.0.49","9.0.5","9.0.50","9.0.51","9.0.52","9.0.53","9.0.54","9.0.55","9.0.56","9.0.57","9.0.58","9.0.59","9.0.6","9.0.60","9.0.61","9.0.62","9.0.63","9.0.64","9.0.65","9.0.66","9.0.67","9.0.68","9.0.69","9.0.7","9.0.70","9.0.71","9.0.72","9.0.73","9.0.74","9.0.75","9.0.76","9.0.77","9.0.78","9.0.79","9.0.8","9.0.80","9.0.81","9.0.82","9.0.83","9.0.84","9.0.85","9.0.86","9.0.87","9.0.88","9.0.89","9.0.9","9.0.90","9.0.91","9.0.92","9.0.93","9.0.94","9.0.95","9.0.96","9.0.97","9.0.98","9.0.99"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0232.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}