Saturday, November 2, 2024
HomeCVE/vulnerability13-year-old Ghostcat Bug Affected Apache-Tomcat Let Hackers Remotely Inject Any Files in...

13-year-old Ghostcat Bug Affected Apache-Tomcat Let Hackers Remotely Inject Any Files in The Servers

Published on

Malware protection

Ghostcat, 13-Year old severe file inclusion vulnerability affected Apache-Tomcat server allows hackers to read or include any files in the web app directories of Tomcat remotely.

Tomcat is one of the most popular Java middleware servers that used to deploy Java Servlets and JSPs, also it provides a “pure Java” HTTP web server environment in which Java code can run.

Critical Ghostcat Vulnerability initially discovered by a researcher from Chaitin Tech and the bug is specifically existing in the Tomcat AJP protocol.

- Advertisement - SIEM as a Service

AJP protocol is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the webserver.

The vulnerability can be tracked as CVE-2020-1938 and it affected all versions of Tomcat 9/8/7/6.

Affected Tomcat version:

  • Apache Tomcat 9.x < 9.0.31
  • Apache Tomcat 8.x < 8.5.51
  • Apache Tomcat 7.x < 7.0.100
  • Apache Tomcat 6.x

Ghostcat is a high-risk file read/include vulnerability in Tomcat, and it allows an attacker to execute malicious code on the target host by exploiting file inclusion flaw.

In other words, Ghostcat vulnerability allows an attacker to read the configuration files and source code files of all webapps that deployed in Tomcat, and if the web app allows a file upload due to this severe flaw, the attacker is also able to upload any files to the server.

It also lets attackers upload any malicious Java Server Pages (JSP) that enable remote code execution on the server.

According to the Researcher from Chaitin Tech, Under the following circumstances can Tomcat be exploited.

=>  If the AJP Connector is enabled and the attacker can access the 
AJP Connector service port, there is a risk of be exploited by
the Ghostcat vulnerability.
=> It should be noted that Tomcat AJP Connector is enabled by default
and listens at 0.0.0.0:8009.

Chaitin Tech reported this severe vulnerability to Apache Tomcat official on 2020/01/03 and the Apache Tomcat fixed the bug and released 9.0.31 and 8.5.51 version.

You can read the Ghostcat vulnerability patch notice from Apache for Tomcat 7.xTomcat 8.x, and Tomcat 9.x 

You can also Utilize xray vulnerability scanner from Chaitin Tech to detect Ghostcat Vulnerability.

Also Read: Most Important Web Server Penetration Testing Checklist

Follow us on Twitter, Linkedin, Facebook for Daily cyber security & hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM...

Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting...