Apache Tomcat Remote Code Execution Vulnerability
RISK: High Risk
TYPE: Servers - Web Servers
A vulnerability was identified in Apache Tomcat. A remote attacker could exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Apache Tomcat version 6.x
- Apache Tomcat version 7.0.99 and prior versions
- Apache Tomcat version 8.5.50 and prior versions
- Apache Tomcat version 9.0.30 and prior versions
Solutions
Before installing the software, please visit the vendor's website for more details.
- Apply fixes issued by the vendor:
https://tomcat.apache.org/download-70.cgi
If Apache Tomcat 6.x is still in use, system administrators should follow the recommendations provided at the URL below to disable the AJP Connector or set appropriate authentication credentials on the Connector to avoid the vulnerability:
https://www.chaitin.cn/en/ghostcat
Vulnerability Identifier
Source
Related Link