Remote Code Execution (RCE) in CGI Servlet – Apache Tomcat on Windows – CVE-2019-0232

Summary

Apache Tomcat has a vulnerability in the CGI Servlet which can be exploited to achieve remote code execution (RCE). This is only exploitable when running on Windows in a non-default configuration in conjunction with batch files. The vendor released a fix in Tomcat versions 7.0.94, 8.5.40 and 9.0.19. Users are encouraged to upgrade as …