![]() An analysis of the vulnerability has also been published by Tenable. I am trying to fix a reported tenable scan vulnerability with Tomcat 9.0.48. Chaitin has made available both online and offline tools that can be used to determine if a server is affected by Ghostcat.Īffected Linux distributions, such as Red Hat and SUSE, have released advisories for their users. Ghostcat affects the default configuration of Tomcat and many servers may be vulnerable to attacks directly from the internet.Ĭhaitin disclosed its findings last week and several proof-of-concept (PoC) exploits have been publicly released by different researchers. 31 we have observed below vulnerability > Title: Remote Web Server Apache Tomcat Contains Default Files > Issue: The default error page. Go to tomcat/conf folder Modify server. Let’s hide the product and version details from the Server header. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept (PoC) exploit making an appearance on GitHub. By default, a page served by Tomcat will show like this. If the system allows users to upload files, an attacker can upload malicious JavaServer Pages (JSP) code to the server and use Ghostcat to execute that code. Having a server banner expose the product and version you are using and leads to information leakage vulnerability. The AJP connector used by Tomcat is affected by a weakness that can be exploited by a remote, unauthenticated attacker to access configuration and source code files for web applications deployed on a server. Version 6 is no longer supported, but the fact that it’s impacted shows that the vulnerability has existed for more than a decade.Ĭhaitin says the vulnerability is related to the Apache JServ Protocol (AJP) protocol, which is designed to improve performance by proxying inbound requests from a web server through to an application server. Patches were made available earlier this month with the release of versions 9.0.31, 8.5.51 and 7.0.100. The default error page, default index page, example JSPs and/or example servlets are installed on the remote Apache Tomcat server. The vulnerability affects versions 6, 7, 8 and 9 of the open source Java servlet container. Most vulnerabilities, both major and minor, are discovered by the Tomcat community itself or security researchers, and quickly patched. A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution.ĭubbed Ghostcat and tracked as CVE-2020-1938, the flaw was discovered by researchers at Chinese cybersecurity firm Chaitin Tech, who reported their findings to the Apache Software Foundation on January 3. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |