Critical 'Ghostcat' Vulnerability Affects Wide Range of Apache Tomcat Versions
A critical vulnerability, dubbed 'Ghostcat', has been discovered in Apache Tomcat's Apache JServ Protocol (AJP). This affects a wide range of Tomcat versions, including 9.0.0 to 9.0.30, 8.5.0 to 8.5.51, and 7.0.0 to 7.0.100. The vulnerability, tracked as CVE-2020-1938, is rated critical with a CVSS v3 score of 9.8.
Ghostcat stems from a weakness in AJP, the connector protocol Tomcat uses to communicate with front-end web servers. By default, the AJP connector is enabled and listens on port 8009. Successful exploitation can grant an attacker access to configuration files and, under some conditions, lead to remote code execution.
To mitigate Ghostcat, three steps are recommended. First, disable the AJP connector on port 8009 if it is not needed, so the protocol cannot be reached at all. Second, where AJP is required, configure a strong shared secret for the connector so that only trusted front-end servers can use it. Third, upgrade Tomcat to a patched version so the latest security fixes are in place.
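As an added example (not code from the article or the Tomcat project), the following audit script checks the two things a defender can verify locally: whether an installed Tomcat version falls inside the affected ranges stated above, and whether each AJP connector in a server.xml is bound to localhost and requires a shared secret. It uses the real Tomcat AJP connector attributes `address`, `secretRequired` and `secret`; the server.xml content is a constructed sample with a default-style connector beside a hardened one.

```python
import xml.etree.ElementTree as ET

# Affected ranges as stated in the article, keyed by branch with an
# inclusive upper bound (the article treats these as the vulnerable versions).
AFFECTED_MAX = {(9, 0): (9, 0, 30), (8, 5): (8, 5, 51), (7, 0): (7, 0, 100)}

def version_affected(version: str) -> bool:
    """True if a dotted Tomcat version string lies inside an affected range."""
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected Tomcat version format: {version}")
    upper = AFFECTED_MAX.get(parts[:2])
    return upper is not None and parts <= upper

def audit_ajp_connectors(server_xml: str) -> list[str]:
    """Return one finding per weakness found on AJP connectors in server.xml."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue
        port = conn.get("port", "?")
        # Mitigation step 1: an AJP connector without a loopback 'address'
        # listens on every interface and is reachable from the network.
        if conn.get("address") not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"AJP connector on port {port} is not bound to localhost")
        # Mitigation step 2: the audit expects the shared secret to be
        # explicitly required and set on the connector.
        if conn.get("secretRequired", "").lower() != "true" or not conn.get("secret"):
            findings.append(f"AJP connector on port {port} has no required shared secret")
    return findings

# Constructed sample: the first connector mirrors the historical default,
# the second shows the hardened form (placeholder secret, not a real value).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE_WITH_LONG_RANDOM_SECRET" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for v in ("9.0.30", "9.0.31", "8.5.51", "7.0.100", "10.0.0"):
        print(v, "affected" if version_affected(v) else "not affected")
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print("FINDING:", finding)
```

A connector that has been commented out or removed from server.xml (step 1) simply produces no findings, which is the desired end state when AJP is not needed.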
Qualys Web Application Scanning (WAS) can detect Ghostcat by identifying Tomcat versions in the affected ranges. Separately, recent reports note Tomcat installations that had not yet received the latest patches being targeted with malicious Tomcat listener shell class samples in Ivanti Endpoint Mobile Management systems, where CVE-2025-4427 and CVE-2025-4428 involve unauthenticated remote code execution through Tomcat listener vulnerabilities.
In summary, Ghostcat poses a significant threat to Apache Tomcat servers. Administrators are urged to apply the recommended mitigations promptly. Regular updates and periodic security assessments remain essential to keeping these systems secure.