The latest vulnerability, GhostCat, affects all versions (9.x/8.x/7.x/6.x) of Apache Tomcat released in the past 13 years. The newly found vulnerability can allow hackers to take over unpatched systems.
Cygilant Cybersecurity Analyst, Santhosh Kumar Maddula, advises:
- Ghostcat can be used to read configs and steal passwords & API tokens
- In some cases, it can be used to RCE/write files (think "plant backdoors")
- There are at least 5 pentest and proof of concepts available online
- If, for some reason, you can't upgrade your affected web server immediately, you should disable the AJP Connector directly, or change its listening address to the localhost.
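
One way to check a Tomcat `server.xml` for the mitigation in the last bullet, as an added example (not Cygilant's or the Apache Tomcat project's code): it lists the AJP connectors that are still active and flags any that are not bound to a loopback address. The sample XML is constructed, and treating a missing `address` attribute as exposed is an assumption that matches unpatched versions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from any real deployment).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0" />
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8012" protocol="org.apache.coyote.ajp.AjpNioProtocol" address="::1" />
    <!-- <Connector port="8013" protocol="AJP/1.3" /> -->
  </Service>
</Server>"""


def is_loopback(address):
    """True if address is a loopback IP or the name 'localhost'."""
    if address is None:
        # Assumption: on unpatched Tomcat, no address means all interfaces.
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # hostname we cannot classify: treat as exposed


def audit_ajp(server_xml):
    """Return (port, address, status) for every active AJP connector."""
    findings = []
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    for conn in root.iter("Connector"):
        # Tomcat treats a Connector without a protocol attribute as HTTP/1.1.
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        address = conn.get("address")
        status = "loopback-only" if is_loopback(address) else "EXPOSED"
        findings.append((conn.get("port"), address, status))
    return findings


if __name__ == "__main__":
    for port, address, status in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP connector port={port} address={address or '(default)'}: {status}")
```

A connector that has been commented out, as on port 8013 in the sample, does not appear in the results because it is no longer active.
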
If you require support for the GhostCat vulnerability, get in touch. Cygilant works to help resource-constrained organizations identify vulnerabilities across systems, and patch them or apply security measures so that known vulnerabilities cannot be exploited.