https://bugzilla.redhat.com/show_bug.cgi?id=1713275
--- Comment #6 from Doran Moppert dmoppert@redhat.com --- Mitigation:
SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.