Overview

On April 10, local time, Apache Software Foundation officially released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2019-0232). The Java Runtime Environment (JRE), when running on a Windows system with enableCmdLineArguments enabled, passes command-line parameters to Windows in an incorrect manner. This leads to the CGI servlet susceptible to remote code execution attacks. By default, the CGI servlet is disabled. (more…)