All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install
The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server.
Tomcat Connector allows Tomcat to connect to the outside, it enables Catalina to receive requests from the outside, pass them to the corresponding web application for processing, and return the response result of the request.
By default, Tomcat used two Connectors, the HTTP Connector and the AJP Connector, the lat
The Ghostcat vulnerability in the AJP that can be exploited to either read or write files to a Tomcat server, an attacker could trigger the flaw to access configuration files and steal passwords or API tokens. It can also allow attackers to write files to a server, including malware or web shells.
“By exploiting the Ghostcat vulnerability, an attacker can read the contents of configuration files and source code files of all
“In addition, if the website application allows users upload file, an attacker can first upload a file containing malicious JSP script code to the server (the uploaded file itself can be any type of file, such as pictures, plain text files etc.), and then include the uploaded file by exploiting the Ghostcat vulnerability, which finally can result in remote code execution.”
Tomcat versions affected by the Ghostcat vulnerability are:
Chaitin experts discovered the vulnerability in early January, then helped maintainers of the Apache Tomcat project to address the issue.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.