Detecting high-risk vulnerabilities potentially affecting 1 million servers worldwide
Ghostcat is a flaw in the AJP (Apache JServ Protocol) connector of Apache Tomcat, a free, open-source web server used to run web applications written in Java.
Although it is free software, Apache Tomcat is highly regarded for its ability to provide a secure, cost-effective and efficient web hosting environment. That is why Apache Tomcat is always on the list of the most popular open-source software in the world today and is widely used by organizations in finance, banking and telecommunications. Consequently, a vulnerability in this software is considered extremely dangerous.
The Ghostcat vulnerability is tracked as CVE-2020-1938 (CVSS 9.8). Attackers exploit it by sending specially crafted requests to the server in order to read source code or configuration files stored on the server. Once these configuration files are obtained, attackers can gain access, install backdoors for remote control, and launch further attacks on the network.

Severity
According to VSEC experts, the Ghostcat flaw affects all versions (9.x / 8.x / 7.x / 6.x) of Apache Tomcat released over the past 13 years. What makes it especially serious is that exploit code has appeared and been shared widely on the internet, so attackers can easily find it and use it to break into web servers.
The BinaryEdge search engine currently lists more than one million Tomcat servers in operation, so VSEC experts stress that every business or individual running Apache Tomcat without updating to the latest version is potential prey for attackers. VSEC therefore recommends that businesses using Apache Tomcat update to the latest version and never expose the AJP port to untrusted clients.
The Tomcat team said: "Users should note that a change has been made in the default AJP Connector configuration in version 9.0.31. Therefore users who update to version 9.0.31 or higher will need to make minor changes to their configuration." However, if for some reason the affected server cannot be upgraded immediately, the risk can be reduced temporarily by turning off the AJP Connector, or by binding it to a local port only, so that it is not exposed unnecessarily.
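As an added illustration (not from the article or the Tomcat project), this is how the two temporary fixes described above look in Tomcat's conf/server.xml: the exposed default connector, then either disabling it or binding it to the loopback address with a required shared secret. The attribute names are the ones documented for the Tomcat AJP connector; the secret value is a placeholder.

```xml
<!-- server.xml excerpts: the AJP connector before and after hardening.
     Added illustration, not from the article; attribute names follow the
     Tomcat connector documentation. -->

<!-- BEFORE (typical default before Tomcat 9.0.31 / 8.5.51 / 7.0.100):
     the connector is enabled and listens on every interface with no
     shared secret, so any client that can reach TCP/8009 can speak AJP
     to Tomcat directly. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- AFTER, option 1: AJP is not needed (no reverse proxy such as
     Apache httpd / mod_jk in front of Tomcat). Comment out or remove
     the connector entirely so nothing listens on 8009. -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

<!-- AFTER, option 2: AJP is needed by a reverse proxy on the same host.
     Bind the connector to the loopback address only and require a shared
     secret that the proxy must present. Both attributes exist from
     9.0.31 / 8.5.51 / 7.0.100 onward, where loopback binding and
     secretRequired="true" are also the new defaults; with
     secretRequired="true" and no secret set, Tomcat refuses to start
     the connector. The secret below is a placeholder. -->
<Connector port="8009" protocol="AJP/1.3"
           address="127.0.0.1"
           secretRequired="true"
           secret="CHANGE-ME-long-random-value"
           redirectPort="8443" />
```

After restarting Tomcat, confirm with a socket listing (for example `ss -ltn` on Linux) that port 8009 is either absent or bound only to 127.0.0.1, and configure the same secret on the proxy side.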