✻ Apache Tomcat all versions (9.x/8.x/7.x/6.x)
Vulnerability (CVE‐2020‐1938) called as 'Ghostcat' let unauthenticated, remote attackers to read any file on the vulnerable web server and could lead to obtaining sensitive configuration files or source code, or execute arbitrary code depending on the server configuration.
According to the cybersecurity company Chaitin Tech, the vulnerability resides in the AJP protocol of the Apache Tomcat software and it is due to improper handling of an attribute. The said protocol is responsible for Tomcat to communicate with apache webserver. AJP protocol comes with TCP port 8009 by default and it is bound to IP address 0.0.0.0 and can only be exploited remotely when accessible to untrusted clients.
✻ Execute arbitrary code
✻ Gain access to the sensitive configuration files in the server
✻ Taking control of the whole Tomcat Apache server
✻ Update the Apache Tomcat to version to 9.0.31, 8.5.51, and 7.0.100
✻ Web administrators are strongly recommended to apply the software update as soon possible
✻ Never expose AJP port to untrusted clients
✻ If you are unable to update to the latest version disable the AJP connector directly or change the listening address to the localhost
The information provided herein is on "as is" basis, without warranty of any kind.