High-Risk Vulnerability Affects Servers Running Apache Tomcat

 

Systems Affected


  ✻  Apache Tomcat all versions (9.x/8.x/7.x/6.x)

Threat Level


High


Overview


The vulnerability (CVE-2020-1938), dubbed 'Ghostcat', lets unauthenticated remote attackers read any file on the vulnerable web server. This could lead to the disclosure of sensitive configuration files or source code or, depending on the server configuration, to the execution of arbitrary code.


Description


According to the cybersecurity company Chaitin Tech, the vulnerability resides in the AJP protocol of the Apache Tomcat software and is due to improper handling of an attribute. The AJP protocol is used by Tomcat to communicate with the Apache web server. The AJP connector listens on TCP port 8009 by default and is bound to IP address 0.0.0.0; it can only be exploited remotely when it is accessible to untrusted clients.


Impact


  ✻  Execute arbitrary code
  ✻  Gain access to sensitive configuration files on the server
  ✻  Take control of the whole Apache Tomcat server


Solution / Workarounds


  ✻  Update Apache Tomcat to version 9.0.31, 8.5.51 or 7.0.100
  ✻  Web administrators are strongly recommended to apply the software update as soon as possible
  ✻  Never expose the AJP port to untrusted clients
  ✻  If you are unable to update to the latest version, disable the AJP connector directly or change its listening address to localhost
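The following script is an added example, not part of the Sri Lanka CERT advisory and not Tomcat's own tooling. It audits a Tomcat server.xml for AJP connectors that are still enabled and bound to something other than a loopback address, which is the exposure the workarounds above remove. The three sample configurations are constructed for the example: one with the default (all-interfaces) AJP connector, one bound to 127.0.0.1, and one with the connector commented out. The secret value in the hardened sample is a placeholder.

```python
"""Audit a Tomcat server.xml for AJP connectors reachable beyond loopback.

Added example; the sample configurations below are constructed and are not
taken from any real deployment. Assumes the standard server.xml layout
(Server > Service > Connector).
"""
import xml.etree.ElementTree as ET

# Bind addresses that keep the AJP connector reachable only from the same host.
LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}

# Constructed sample 1: the weak default. No 'address' attribute, so the AJP
# connector binds to 0.0.0.0 and is reachable by any client that can reach 8009.
WEAK_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

# Constructed sample 2: connector kept (a front-end web server on the same
# host still needs it) but bound to loopback. 'secretRequired'/'secret' are
# the AJP connector attributes available in the fixed releases; the secret
# value here is a placeholder, not a real one.
HARDENED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE-WITH-RANDOM-SECRET" redirectPort="8443" />
  </Service>
</Server>
"""

# Constructed sample 3: the connector disabled by commenting it out.
DISABLED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
  </Service>
</Server>
"""


def is_ajp(connector):
    """True when a Connector element speaks AJP (by protocol name or class)."""
    protocol = connector.get("protocol", "HTTP/1.1")
    return protocol == "AJP/1.3" or protocol.startswith("org.apache.coyote.ajp.")


def exposed_ajp_ports(server_xml):
    """Return the ports of AJP connectors bound to a non-loopback address.

    A connector without an 'address' attribute binds to all interfaces
    (0.0.0.0), which is the exposure the advisory describes. Connectors that
    sit inside an XML comment are not parsed, so they count as disabled.
    """
    root = ET.fromstring(server_xml)
    exposed = []
    for connector in root.iter("Connector"):
        if not is_ajp(connector):
            continue
        address = connector.get("address", "0.0.0.0")
        if address not in LOOPBACK_ADDRESSES:
            exposed.append(connector.get("port", "?"))
    return exposed


def audit_file(path):
    """Read a server.xml from disk and report exposed AJP connector ports."""
    with open(path, encoding="utf-8") as handle:
        return exposed_ajp_ports(handle.read())


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SERVER_XML),
                          ("hardened", HARDENED_SERVER_XML),
                          ("disabled", DISABLED_SERVER_XML)):
        ports = exposed_ajp_ports(sample)
        verdict = "EXPOSED on port(s) " + ", ".join(ports) if ports else "ok"
        print(f"{label:9s}: {verdict}")
```

To check a real installation, call `audit_file("/path/to/tomcat/conf/server.xml")`; an empty list means every AJP connector is either commented out or bound to loopback. The check is deliberately conservative: it looks only at the bind address, which is the condition the advisory's workarounds change, and treats a missing address as the all-interfaces default.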


References


  ✻  https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html
  ✻  https://nvd.nist.gov/vuln/detail/CVE-2020-1938


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.



© Copyright Sri Lanka CERT|CC. All Rights Reserved.