Apache Tomcat

Pierluigi Paganini March 03, 2020
Experts warn of mass scans for Apache Tomcat Ghostcat flaw

Experts warn of ongoing scans for Apache Tomcat servers affected by the Ghostcat flaw that could allow attackers to take over servers. Security experts are warning of ongoing scans for Apache Tomcat servers affected by the recently disclosed Ghostcat vulnerability CVE-2020-1938. The flaw affects all versions of Apache Tomcat, it could be exploited by attackers […]

Pierluigi Paganini February 28, 2020
All versions of Apache Tomcat are affected by the Ghostcat flaw

Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers. All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install backdoors on vulnerable servers. The vulnerability, tracked as […]

Pierluigi Paganini July 25, 2018
Apache Software Foundation fixes important flaws in Apache Tomcat

The Apache Software Foundation has rolled out security updates for the Tomcat application server that address several flaws. The Apache Software Foundation has released security updates for the Tomcat application server that address several vulnerabilities, including issues that trigger a denial-of-service (DoS) condition or can lead to information disclosure. Apache Tomcat is an open-source Java Servlet Container that implements […]

Pierluigi Paganini October 11, 2016
Hurry up,fix the CVE-2016-5425 privilege escalation flaw in Apache Tomcat

The security research Dawid Golunski reported a Root Privilege Escalation in the Apache Tomcat (RedHat-based distros) tracked as CVE-2016-5425. Apache Tomcat packages provided by default repositories of RedHat-based distributions (i.e. CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions. The configuration file /usr/lib/tmpfiles.d/tomcat.conf could be modified by a member of the tomcat group or by a malicious […]