Severity.
According to VSEC experts, the Ghostcat flaw has been detected in all versions (9.x / 8.x / 7.x / 6.x) of Apache Tomcat released over the past 13 years. It is especially serious that exploit code has appeared and been shared widely on the internet, making it easy for attackers to find and deploy methods of compromising web servers.
The BinaryEdge vulnerability search engine currently lists more than one million Tomcat servers in operation, so VSEC experts emphasize that all businesses and individuals running Apache Tomcat without updating to the latest version are potential prey for attackers. Therefore, VSEC recommends that businesses using Apache Tomcat update the system to the latest version and never open the AJP port to untrusted clients.
The Tomcat team said: 'Users should note that a change has been made in the default AJP Connector configuration in version 9.0.31. Therefore users who update to version 9.0.31 or higher will need to make minor changes to their configuration.' However, if for some reason the user is unable to upgrade the affected server immediately, the risk can be reduced temporarily by turning off the AJP Connector, or redirecting it to a local port, to avoid unnecessary exposure of the server.
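A configuration check for the temporary mitigation described above, as an added example that is not from VSEC or the Tomcat project: it parses a `server.xml` and classifies each active AJP connector by its bind address. The sample file is constructed, and the `protocol` and `address` attribute names are assumed from Tomcat's connector configuration rather than taken from this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (illustrative, not from a real deployment).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8011" protocol="AJP/1.3" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8012" protocol="AJP/1.3" address="0.0.0.0" />
  </Service>
</Server>"""


def is_loopback(address):
    """True if the bind address only accepts connections from the local host."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        # Not an IP literal; treat only the conventional hostname as local.
        return address.lower() == "localhost"


def audit_ajp_connectors(server_xml):
    """Map each active AJP connector port to a bind-address status.

    'loopback'      : explicitly bound to a local address
    'exposed'       : explicitly bound to a non-local address
    'implicit-bind' : no address attribute, so the interface depends on the
                      Tomcat version's default (all interfaces before the
                      9.0.31 configuration change)
    """
    results = {}
    # Commented-out connectors are dropped by the XML parser, so a connector
    # that has been turned off by commenting it out is not reported.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches both "AJP/1.3" and class names such as "...ajp.AjpNioProtocol".
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        address = conn.get("address")
        if address is None:
            status = "implicit-bind"
        else:
            status = "loopback" if is_loopback(address) else "exposed"
        results[conn.get("port", "unknown")] = status
    return results


if __name__ == "__main__":
    for port, status in audit_ajp_connectors(SAMPLE_SERVER_XML).items():
        print(f"AJP connector on port {port}: {status}")
```

Connectors reported as `exposed` or `implicit-bind` are the ones to turn off or restrict to a local address until the server can be upgraded.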