Ghostcat Vulnerability (CVE-2020–1938)

By
Prathap
Published on
26 Jun 2018
1 min read
Vulnerability

What is Ghostcat vulnerability?

Ghostcat is a vulnerability that affects Apache Tomcat, specifically the AJP protocol.

It currently affects versions before 9.0.31, 8.5.51, and 7.0.100. It happens because of a misconfiguration in AJP protocol followed by the default installation of Tomcat. This issue can cause a potential remote code execution.

By default, the Apache Tomcat includes the AJP connector. It is enabled by default and listens on all addresses on port 8009.

Ghostcat allows an attacker to retrieve arbitrary files from anywhere in the web application, including the WEB-INF and META-INF directories and any other location that can be accessed via ServletContext.getResourceAsStream().

It also allows the attacker to process any file in the web application as JSP.

Impact

A large number of actively reachable servers on the internet are running Apache Tomcat.

This is an old bug which has been active within the past 13 years and incorporates the versions 6.x/7.x/8.x/9.x. In most cases, this vulnerability will allow an attacker to read any resources that exist on the Tomcat server.

This can include the configuration files or any sensitive data on the server.

The worst case of this attack occurs when an application allows a user to upload files. In this case, an attacker can upload a malicious JSP file, and access it with their browser, leading to remote code execution.

This kind of attack may result in an exceedingly full compromise of the affected server.

Mitigation Or Precaution

Updating Apache to a newer version will help you to mitigate this vulnerability or if you are not using the AJP protocol then it can be closed by commenting out the port in the server.xml file.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Prathap
Prathap
Co-founder, Director
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.