E19-0qvs1
CVSS:
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
t
Variants:
4
Year:
2019
Description
This strike replicates an attack on Apache Tomcat based on a Windows command injection vulnerability.
The flaw resides in the way the command arguments for a CGI script are transmitted from the request's parameters on the Windows OS.
By exploiting this vulnerability, a remote unauthenticated attacker can execute commands on the host system.