Security News > 2020 > February > Apache Tomcat Affected by Serious 'Ghostcat' Vulnerability

Apache Tomcat Affected by Serious 'Ghostcat' Vulnerability
2020-02-28 19:31

A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution.

Chaitin says the vulnerability is related to the Apache JServ Protocol protocol, which is designed to improve performance by proxying inbound requests from a web server through to an application server.

The AJP connector used by Tomcat is affected by a weakness that can be exploited by a remote, unauthenticated attacker to access configuration and source code files for web applications deployed on a server.

Ghostcat affects the default configuration of Tomcat and many servers may be vulnerable to attacks directly from the internet.

Chaitin has made available both online and offline tools that can be used to determine if a server is affected by Ghostcat.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/gRBHMfeGnhc/apache-tomcat-affected-serious-ghostcat-vulnerability

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642