Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks
Security News, March 2020
Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat.
Bad Packets told SecurityWeek on Wednesday that the scanning activity they have detected is designed to enumerate vulnerable servers by checking for the path "/WEB-INF/web.
The Ghostcat vulnerability has existed for more than a decade and it affects versions 6, 7, 8 and 9 of Apache Tomcat.
The security hole is related to the Apache JServ Protocol (AJP), which is designed to improve performance by proxying inbound requests from a web server through to an application server.
Ghostcat affects the default configuration of Tomcat and many servers are vulnerable to attacks directly from the internet.
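Because the issue sits in the default AJP setup, a practical first check is to audit each Tomcat `server.xml` for AJP connectors that are reachable from the network. The script below is an added example, not code from the article or from the Tomcat project; the sample configuration is constructed, and it assumes that a connector with no `address` attribute listens on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat server.xml (not taken from the article).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <!-- <Connector port="8012" protocol="AJP/1.3"/> disabled, ignored by the parser -->
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"/>
    <Connector port="8011" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="true" secret="CHANGE_ME"/>
  </Service>
</Server>"""

def is_ajp(protocol):
    """True for the AJP/1.3 alias or an explicit org.apache.coyote.ajp class name."""
    return protocol.upper().startswith("AJP") or protocol.startswith("org.apache.coyote.ajp.")

def is_loopback(address):
    """Assumption: a missing address means 'all interfaces' (the conservative reading)."""
    if not address:
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # hostname that cannot be checked offline: treat as reachable

def audit_ajp(xml_text):
    """Return (port, status) for every active AJP connector in a server.xml document."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not is_ajp(conn.get("protocol", "HTTP/1.1")):
            continue
        # 'secret' is the current attribute name; 'requiredSecret' is the older one.
        has_secret = bool(conn.get("secret") or conn.get("requiredSecret"))
        if is_loopback(conn.get("address")):
            status = "loopback-only"
        elif has_secret:
            status = "network-reachable, secret set"
        else:
            status = "network-reachable, no secret"
        findings.append((conn.get("port"), status))
    return findings

if __name__ == "__main__":
    for port, status in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {status}")
```

Connectors reported as "network-reachable, no secret" are the ones to disable, bind to loopback, or firewall first.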
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-24 | CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. | 9.8 |