This document describes the ePO Sustaining Statement position relative to the support of our applications.
Our response to the latest Tomcat vulnerability CVE-2019-0232
Overview
This document addresses concerns about ePO and the Tomcat vulnerability CVE-2019-0232. This vulnerability is referenced in the Tomcat Security Advisory.
You can review additional information at the National Vulnerability Database.
Description
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command-line arguments to Windows. The CGI Servlet is disabled by default.
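A check for the preconditions described above, as an added example that is not part of the original statement or of ePO: it inspects a Tomcat `web.xml` for a declared and mapped CGI servlet and its `enableCmdLineArguments` setting. The servlet class name is Tomcat's; the status labels and sample descriptors are constructed for illustration, and an absent parameter is reported for review because the effective default depends on the Tomcat version.

```python
import xml.etree.ElementTree as ET
CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"

def local(tag):
    """Drop the XML namespace so descriptors of any schema version match."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def audit_cgi(web_xml):
    """Return [(servlet_name, status)] for each CGIServlet declared in web.xml."""
    root = ET.fromstring(web_xml)  # commented-out declarations are not parsed
    mapped = {child_text(e, "servlet-name") for e in root
              if local(e.tag) == "servlet-mapping"}
    findings = []
    for servlet in (e for e in root if local(e.tag) == "servlet"):
        if child_text(servlet, "servlet-class") != CGI_CLASS:
            continue
        name = child_text(servlet, "servlet-name")
        params = {child_text(p, "param-name"): child_text(p, "param-value")
                  for p in servlet if local(p.tag) == "init-param"}
        value = params.get("enableCmdLineArguments")
        if name not in mapped:
            status = "unmapped"  # declared but not reachable through a URL pattern
        elif value is None:
            status = "args_default"  # default varies by Tomcat version: review
        else:
            status = "args_enabled" if value.lower() == "true" else "args_disabled"
        findings.append((name, status))
    return findings

# Constructed sample descriptors (not taken from ePO or any real deployment).
DECL = ("<servlet><servlet-name>cgi</servlet-name><servlet-class>" + CGI_CLASS
        + "</servlet-class>%s</servlet>")
PARAM = ("<init-param><param-name>enableCmdLineArguments</param-name>"
         "<param-value>true</param-value></init-param>")
MAP = ("<servlet-mapping><servlet-name>cgi</servlet-name>"
       "<url-pattern>/cgi-bin/*</url-pattern></servlet-mapping>")
WRAP = '<web-app xmlns="http://java.sun.com/xml/ns/javaee">%s</web-app>'
SAMPLES = {
    "commented_out": WRAP % ("<!-- " + DECL % "" + " -->"),
    "enabled": WRAP % (DECL % PARAM + MAP),
    "no_param": WRAP % (DECL % "" + MAP),
}

if __name__ == "__main__":
    for label, xml_text in SAMPLES.items():
        print(label, audit_cgi(xml_text))
```

For a real installation, pass the bytes of `conf/web.xml` and of each application's `WEB-INF/web.xml`; an empty result means no CGI servlet is declared in that descriptor.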
Research and Conclusions
The ePO Engineering team has reviewed this CVE and determined that ePO is not affected based on the usage. CVE-2019-0232 is related to the Tomcat CGI Servlet feature, which ePO doesn't use. So, this CVE doesn't apply to ePO.