A new and risky vulnerability of Apache Tomcat has recently surfaced.
The web servers running on any of Apache Tomcat’s versions have been found vulnerable to a highly risky ‘file read and inclusion bug’. There are several proof-of-concept exploits available on the internet which will make it easy for anyone to hack into publicly accessible web servers. The vulnerability has been named as ‘GhostCat’ and tracked as CVE-2020-1938.
The vulnerability can allow unauthenticated and remote access to the hackers for reading any file on a vulnerable web server. Remote attackers can obtain sensitive configuration files, source codes, execute arbitrary code and can cause a lot of menace by exploiting the vulnerability. Various file uploads and execution can take place if the server allows file upload.
The vulnerability was detected to be residing in the AJP protocol of Apache Tomcat and arises due to improper handling of an attribute. Apache Jserv Protocol (AJP) is an optimized version of HTTP which allows Tomcat to communicate with an Apache web-server. AJP is enabled by default and listens at TCP 8009, bound to IP 0.0.0.0 can be exploited remotely only when accessible to untrusted clients.
There are updates available for the TomCat which has the required security patch for the vulnerability. NPAV recommends using the updated modules and always installing updates that provide bug fixes and security patches.
Use NPAV and join us on a mission to secure the cyber world.