This report is about a vulnerability, identified as CVE-2020-1938, which affects the Apache Tomcat software package. Apache Tomcat is a Java-based program that allows website maintainers to serve content written in the Java programming language. CVE-2020-1938 has been addressed by the Apache Tomcat maintainers with a patch, but patch availability depends on the version you're running. CVE-2020-1938 has been given the name GhostCat by the security community.

The vulnerability is caused by the AJP connector within the Java Servlet container being unable to safely process the read/inclusion of file inputs. The reason this can occur is the default configuration inside the servlet container, which has 0.0.0.0:8009 hardcoded (and redirects to port 8443).

The AJP connector is enabled by default in all Apache Tomcat versions, making them likely to be vulnerable to exploitation, with the exception of patched versions of the software. Potential bad actors can exploit this vulnerability without needing to authenticate. This allows a remote attacker to read Java application files and potentially perform remote code execution by uploading a customized Java application (.jar or similar file type) to the server, if file uploading is enabled in the server configuration.

Here is a guide to mapping your systems to the patches currently available:

- If you run Apache Tomcat version 9.0.30 or below: update to Tomcat version 9.0.31.
- If you run Apache Tomcat version 8.5.50 or below: update to Tomcat version 8.5.51.
- If you run Apache Tomcat version 7.0.99 or below: update to Tomcat version 7.0.100.
- Apache Tomcat version 6 is affected: a patch hasn't been released and is unlikely to be, as that version of the software is no longer supported.

**Possible Impact of the GhostCat Vulnerability**

- Remote attackers can read your Java application files.
- Remote attackers may be able to upload their own Java applications to your web server, depending on your server's configuration.
- Unauthorized access to a sensitive network port.
- May affect a wide variety of web servers, as Apache Tomcat comes bundled with a lot of other software packages/repositories.

It's highly encouraged that you implement one of the patches available; please refer to the table above in the TTPs (Tactics, Techniques, and Procedures) section. If you cannot implement the patch for any business-related reason, consider reviewing the options below.

- If you don't utilize the AJP connector, comment out lines 115 to 121 in the /conf/server.xml file (the block that declares the AJP connector on port 8009; the line numbers refer to the default file, so confirm that the lines you comment out are that Connector element before restarting Tomcat).
- You may be able to bypass the AJP connector entirely by having your developers upload their Java applications via a secure protocol like SCP (Secure Copy) directly to the webroot directory.
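To check whether a server.xml still exposes the AJP connector after applying the mitigations above, here is an added audit script (example code, not part of the original post or of the Tomcat project). It parses server.xml with Python's standard library and flags every enabled AJP/1.3 Connector that is bound to all interfaces or has no shared secret configured; the `address`, `secretRequired` and `secret` attributes it looks for are the ones the patched Tomcat versions listed above support. The three server.xml samples are constructed for the example: the pre-patch default connector, the same connector commented out as the post recommends, and a hardened form bound to loopback with a placeholder secret.

```python
"""Audit a Tomcat server.xml for an exposed AJP connector (CVE-2020-1938 / GhostCat).

Added example, not code from the original post. A Connector that has been
commented out is ignored by the XML parser, so it produces no finding, which
matches the post's advice of commenting the AJP connector out when unused.
"""
import xml.etree.ElementTree as ET

# Addresses that restrict the connector to the local machine.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding per enabled AJP connector that looks exposed.

    Each finding is a dict with the port, the address the connector binds to,
    and the list of reasons it was flagged. An empty list means no exposed
    AJP connector was found in the given configuration text.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        # AJP connectors are declared with protocol="AJP/1.3" (or the full
        # class name of the AJP protocol handler, which also contains "Ajp").
        if "AJP" not in protocol.upper():
            continue
        # No address attribute means the connector listens on every interface.
        address = conn.get("address", "0.0.0.0")
        reasons = []
        if address not in LOOPBACK:
            reasons.append(f"bound to {address} instead of a loopback address")
        # Patched Tomcat versions add secretRequired/secret; a pre-patch
        # connector has neither attribute and is flagged for lacking a secret.
        if conn.get("secretRequired", "true").lower() == "false":
            reasons.append("secretRequired is disabled")
        elif not conn.get("secret"):
            reasons.append("no secret configured")
        if reasons:
            findings.append({"port": conn.get("port"), "address": address, "reasons": reasons})
    return findings


# Constructed sample: the pre-patch default AJP connector on 0.0.0.0:8009.
VULNERABLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

# Constructed sample: the AJP connector commented out, as recommended when
# the connector is not used.
DISABLED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    -->
  </Service>
</Server>
"""

# Constructed sample: AJP kept for a reverse proxy on the same host, bound to
# loopback and protected with a shared secret. The secret is a placeholder.
HARDENED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="CHANGE-ME-PLACEHOLDER"
               redirectPort="8443" />
  </Service>
</Server>
"""

if __name__ == "__main__":
    samples = [
        ("pre-patch default", VULNERABLE_SERVER_XML),
        ("commented out", DISABLED_SERVER_XML),
        ("loopback + secret", HARDENED_SERVER_XML),
    ]
    for label, xml_text in samples:
        print(f"{label}: {audit_ajp_connectors(xml_text) or 'no exposed AJP connector'}")
```

Run it against a copy of your own conf/server.xml by reading the file into a string and passing it to `audit_ajp_connectors`; a non-empty result means the AJP connector is still reachable and unauthenticated and the patch or one of the mitigations above still needs to be applied.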