Remote code execution vulnerability found in Apache Tomcat for Windows


Almost all of the current major branches of the widely used Apache Tomcat server (Apache Tomcat 7.0.x, 8.5.x and 9.0.x) are affected by a remote code execution vulnerability, CVE-2019-0232, when Tomcat runs on Windows. A remote code execution vulnerability is a critical flaw: it lets an attacker run commands on the affected server from wherever they can reach it over the network. The vulnerability is fixed in the latest update of each affected Apache Tomcat release. It is therefore imperative that you identify the affected Apache Tomcat servers in your network and install the latest update on them.


The Apache Tomcat security advisory describes the vulnerability as follows: "When running on Windows with enableCmdLineArguments enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows." In practice a server is exposed only when all three conditions hold: it runs on Windows, the CGI servlet (org.apache.catalina.servlets.CGIServlet, which is commented out in the conf/web.xml that Tomcat ships) has been enabled, and that servlet's enableCmdLineArguments init-param is set to true. Installing the fixed release is the real remedy; until it is installed, setting enableCmdLineArguments to false or disabling the CGI servlet removes the vulnerable condition.

 

Affected versions       Latest update   Reference links

7.0.0 to 7.0.93         7.0.94          https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.94

8.5.0 to 8.5.39         8.5.40          https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.40

9.0.0.M1 to 9.0.17      9.0.18          https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.18
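The detection logic the article calls for, written out as an added example that is not part of the original page or of the Apache Tomcat project: a Python script that classifies a Tomcat version string against the version table above and inspects a web.xml for the CGI servlet's enableCmdLineArguments setting, which together are the two facts the advisory quoted above makes the vulnerable condition depend on. The version ranges are the table's; the function names (check_version, cgi_cmdline_setting, assess) and the sample web.xml documents are constructed here for illustration. version_from_catalina_jar reads the server.info entry Tomcat ships in lib/catalina.jar; the path you pass is your own. One assumption is labelled in the code: a declared CGI servlet that leaves enableCmdLineArguments unset is treated as exposed, because the built-in default differs between releases.

```python
import re
import zipfile
import xml.etree.ElementTree as ET

# Affected and fixed versions exactly as listed in the table above:
# branch -> (first affected, last affected, fixed release)
AFFECTED_RANGES = {
    "7.0": ("7.0.0", "7.0.93", "7.0.94"),
    "8.5": ("8.5.0", "8.5.39", "8.5.40"),
    "9.0": ("9.0.0.M1", "9.0.17", "9.0.18"),
}
CGI_SERVLET_CLASS = "org.apache.catalina.servlets.CGIServlet"
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?")


def parse_version(text):
    """Turn 'Apache Tomcat/9.0.0.M1', 'Server version: Apache Tomcat/8.5.39'
    or a bare '7.0.93' into a sortable tuple. A milestone build (9.0.0.M1)
    sorts before a release carrying the same three numbers."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no Tomcat version found in %r" % text)
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else 10 ** 6)


def version_from_catalina_jar(path):
    """Read the version Tomcat reports about itself from <CATALINA_HOME>/lib/catalina.jar."""
    with zipfile.ZipFile(path) as jar:
        props = jar.read("org/apache/catalina/util/ServerInfo.properties").decode("utf-8")
    for line in props.splitlines():
        if line.startswith("server.info="):
            return line.split("=", 1)[1].strip()
    raise ValueError("server.info not found in %s" % path)


def check_version(text):
    """Classify a version string against AFFECTED_RANGES."""
    v = parse_version(text)
    branch = "%d.%d" % v[:2]
    if branch not in AFFECTED_RANGES:
        return {"branch": branch, "status": "not-in-advisory-table", "fixed_in": None}
    first, last, fixed = AFFECTED_RANGES[branch]
    affected = parse_version(first) <= v <= parse_version(last)
    return {"branch": branch, "status": "affected" if affected else "fixed", "fixed_in": fixed}


def _local(tag):
    # web.xml elements carry the Java EE namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name and child.text is not None:
            return child.text.strip()
    return None


def cgi_cmdline_setting(web_xml_text):
    """Report enableCmdLineArguments for the CGI servlet declared in a web.xml:
    'absent' (no CGI servlet declared), 'true', 'false', or 'default' (servlet
    declared without the init-param, so the version's built-in default applies)."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _child_text(servlet, "servlet-class") != CGI_SERVLET_CLASS:
            continue
        for param in servlet:
            if (_local(param.tag) == "init-param"
                    and _child_text(param, "param-name") == "enableCmdLineArguments"):
                return (_child_text(param, "param-value") or "").lower()
        return "default"
    return "absent"


def assess(version_text, web_xml_text):
    """One verdict per Windows host: the version decides whether to patch, the
    CGI setting decides how urgently. Assumption (conservative): a declared CGI
    servlet with enableCmdLineArguments unset is treated as exposed."""
    ver = check_version(version_text)
    cgi = cgi_cmdline_setting(web_xml_text)
    if ver["status"] == "affected":
        action = "exposed-patch-now" if cgi in ("true", "default") else "patch"
    elif ver["status"] == "fixed":
        action = "ok"
    else:
        action = "review-branch-manually"
    return {"version": ver, "enableCmdLineArguments": cgi, "action": action}


def cgi_web_xml(enable_cmd_line_args=None):
    """Constructed sample web.xml declaring Tomcat's CGI servlet; pass 'true' or
    'false' to set enableCmdLineArguments, or None to leave it unset."""
    param = ""
    if enable_cmd_line_args is not None:
        param = ("    <init-param>\n      <param-name>enableCmdLineArguments</param-name>\n"
                 "      <param-value>%s</param-value>\n    </init-param>\n" % enable_cmd_line_args)
    return ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">\n'
            "  <servlet>\n    <servlet-name>cgi</servlet-name>\n"
            "    <servlet-class>%s</servlet-class>\n"
            "    <init-param>\n      <param-name>cgiPathPrefix</param-name>\n"
            "      <param-value>WEB-INF/cgi</param-value>\n    </init-param>\n"
            "%s  </servlet>\n</web-app>\n" % (CGI_SERVLET_CLASS, param))


# Constructed sample with no CGI servlet declared at all.
NO_CGI_WEB_XML = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0"/>'


if __name__ == "__main__":
    for text in ("Apache Tomcat/9.0.17", "Apache Tomcat/9.0.18", "8.5.39", "8.0.53"):
        print(text, check_version(text))
    print(assess("Apache Tomcat/8.5.39", cgi_web_xml("true"))["action"])
    print(assess("Apache Tomcat/8.5.39", cgi_web_xml("false"))["action"])
```

To use it on a real Windows host, feed version_from_catalina_jar the path to <CATALINA_HOME>\lib\catalina.jar and run cgi_cmdline_setting over <CATALINA_HOME>\conf\web.xml and over every deployed application's WEB-INF\web.xml, since the CGI servlet can be declared in either place. Branches outside the table (for example 8.0.x) are reported as review-branch-manually rather than guessed at.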


Remediation:

Follow the steps below in the Vulnerability Manager Plus console:

  • Navigate to Threats > Software Vulnerabilities.

  • In the search-by-CVE-ID field, enter "CVE-2019-0232" to list the systems affected by this vulnerability.

  • Click the vulnerability and find the link to the latest update under Solution.

  • Install the latest update on the affected systems.

