Critical Apache Tomcat Vulnerability 'Ghostcat' Affects Widely Used Versions
A critical security vulnerability, Ghostcat (CVE-2020-1938), has been discovered in Apache Tomcat's handling of the Apache JServ Protocol (AJP). Rated 9.8 (Critical) on the CVSS v3 scale, it affects widely used versions of Apache Tomcat and allows an attacker who can reach the AJP port to read arbitrary files inside a deployed web application, including its configuration files, and, under additional conditions, to execute code on the server.
The vulnerability was reported to the Apache Tomcat project by Chaitin Tech. It affects Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, and is fixed in 9.0.31, 8.5.51 and 7.0.100. Tomcat 6.x is affected as well but has reached end of life and will not receive a fix. The AJP connector, enabled by default on port 8009 in the affected versions and bound to all network interfaces, is commonly used for communication between Tomcat and a front-end Apache HTTP Server (for example through mod_jk or mod_proxy_ajp).
AJP is designed to sit behind a reverse proxy and trusts whatever speaks the protocol to it. An attacker who can connect directly to port 8009 can therefore set request attributes that Tomcat normally accepts only from the proxy, and use them to make Tomcat include any file under the web application's root, such as WEB-INF/web.xml, and return its contents. If the application also lets users upload files into the web application directory (images or text files are enough), the attacker can upload a file containing JSP code and include it the same way, which turns the file read into remote code execution. Qualys Web Application Scanning (WAS) detects Ghostcat with QID 150282 once it is enabled in the option profile; QID 150114 (arbitrary file upload) and QID 150125 (file upload form found) report the upload capability that makes code execution possible.
To remediate, upgrade to a fixed release (9.0.31, 8.5.51, 7.0.100 or later); in these versions the AJP connector is commented out in the default server.xml, binds to the loopback address when enabled and refuses to start without a shared secret. If AJP is not used, disable the connector by commenting it out in conf/server.xml and restart Tomcat itself, not only the front-end Apache web server. If AJP is needed, bind the connector to an address reachable only by the proxy and configure a strong secret: the requiredSecret attribute on older releases, or secretRequired="true" together with secret on fixed releases, with the same value set on the proxy side. Firewalling port 8009 so that only the proxy can reach it is an additional safeguard, since the connector performs no authentication beyond that secret.
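As an added example (not tooling from the article or from the Tomcat project), the Python script below parses a server.xml and reports each enabled AJP connector that is still configured the way Ghostcat needs: no address restriction and no shared secret. The three server.xml strings are constructed for the example, and the secret in the hardened one is a placeholder to be replaced with a long random value.

```python
"""Audit a Tomcat conf/server.xml for AJP connectors left in the state Ghostcat needs.
Added example; the sample configurations below are constructed, not taken from a real host."""
import xml.etree.ElementTree as ET

ALL_INTERFACES = {"0.0.0.0", "::", "::0"}


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding per enabled AJP connector.  A connector that was commented
    out is not seen by the XML parser, which matches the 'disable AJP' remediation."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "AJP" not in protocol.upper():   # matches AJP/1.3 and the AjpNio* class names
            continue
        issues = []
        address = conn.get("address")
        if address is None:
            issues.append("no address attribute: pre-fix Tomcat binds AJP to all interfaces")
        elif address in ALL_INTERFACES:
            issues.append(f"bound to all interfaces ({address})")
        # 'requiredSecret' is the attribute on pre-fix releases; fixed releases use
        # secretRequired="true" (their default) plus secret="...".
        secret = conn.get("secret") or conn.get("requiredSecret")
        if conn.get("secretRequired", "true").lower() == "false":
            issues.append('secretRequired="false": anonymous AJP clients accepted')
        elif not secret:
            issues.append("no secret or requiredSecret configured")
        findings.append({"port": conn.get("port"), "address": address, "issues": issues})
    return findings


def needs_remediation(server_xml: str) -> bool:
    return any(f["issues"] for f in audit_ajp_connectors(server_xml))


# Constructed sample 1: the pre-fix default shipped before 9.0.31/8.5.51/7.0.100.
VULNERABLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Constructed sample 2: AJP disabled by commenting the connector out.
DISABLED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
  </Service>
</Server>"""

# Constructed sample 3: AJP kept, but bound to loopback and protected by a secret
# (placeholder value; use a long random string and set the same one on the proxy).
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE-WITH-LONG-RANDOM-SECRET" redirectPort="8443"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    xml_text = open(path, encoding="utf-8").read() if path else VULNERABLE_SERVER_XML
    for finding in audit_ajp_connectors(xml_text):
        status = "OK" if not finding["issues"] else "; ".join(finding["issues"])
        print(f"AJP connector port={finding['port']} address={finding['address']}: {status}")
```

Point it at a real file with `python audit_ajp.py /path/to/conf/server.xml`. A clean result from this audit still has to be paired with the version check: a connector that sets requiredSecret on an unpatched release is narrowed, not patched.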