- Ghostcat is a vulnerability found in Apache Tomcat versions 6.x, 7.x, 8.x, and 9.x that allows remote code execution.
- Apache Tomcat includes the AJP connector, which is enabled by default and listens on all addresses on port 8009.
- The exposed AJP connector allows an attacker to get information from the application, including the contents of the `WEB-INF` and `META-INF` deployment folders.
Option 1:
If you are using the AJP port on Tomcat, update Tomcat to a fixed version.
*************************************************************
Apache Tomcat has officially released versions 9.0.31, 8.5.51, and 7.0.100 to fix this vulnerability.
*************************************************************
Option 2:
If you are not using the AJP port on Tomcat or JBoss, disable or comment out the AJP connector in the server.xml (Tomcat) or standalone.xml (JBoss) file. For example, in standalone.xml:
*************************************************************
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp" enabled="false"/>
*************************************************************
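For the Tomcat server.xml side of this option, an added example (not from the original post): the default AJP connector as shipped in vulnerable versions, left commented out because nothing needs it, and beneath it a hardened form for installations that do need AJP. The `secret` value is a placeholder to replace; `secretRequired` and `secret` are connector attributes introduced with the fixed versions named above, and `address` limits the listener to loopback.

```xml
<!-- Constructed excerpt of conf/server.xml (added example, not from the post) -->
<Service name="Catalina">

  <!-- Vulnerable default: AJP listens on every interface with no shared secret.
       When nothing connects over AJP, keep it commented out (or delete it). -->
  <!--
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  -->

  <!-- Hardened form, only if a front end (e.g. httpd with mod_jk or
       mod_proxy_ajp) really needs AJP: bind to loopback and require the
       shared secret supported by the fixed versions. The secret below is
       a placeholder; the front end must be configured with the same value. -->
  <Connector protocol="AJP/1.3"
             address="127.0.0.1"
             port="8009"
             secretRequired="true"
             secret="REPLACE_WITH_LONG_RANDOM_SECRET"
             redirectPort="8443" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```

With `secretRequired="true"` and no `secret` set, the fixed versions refuse to start the AJP connector, so a missing secret fails closed rather than silently re-exposing the port.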
Thanks 😊