loading...
Sonatype

Nexus Intelligence Insights: What's in a Ghostcat? CVE-2020-1938 Apache Tomcat - Local File Inclusion Potentially Leads to RCE

katiemccaskey profile image Katie McCaskey Originally published at blog.sonatype.com on ・2 min read

By Ax Sharma

ghostcat

For this month’s Nexus Intelligence Insights, let’s dive deep into the popular Ghostcat vulnerability making headlines recently.

This vulnerability deserves attention as it impacts the widely used Apache Tomcat web server, has at least 5 exploits publicly available on GitHub and ExploitDB, and has a rather simple, yet overlooked, root cause. In fact,no version of Tomcat released in the last 13 years is immune to Ghostcat, unless properly patched.

The vulnerability, left unresolved, could pave an easy way for attackers to access arbitrary files on the server. The files may very well divulge sensitive information such as proprietary source code, stored passwords, API tokens, etc. More advanced PoCs can let malicious actors cause even further damage by remotely executing code on the system and planting backdoors, if they are able to get their hands on juicy bits of information.

What’s more? “Mass scanning activity targeting this vulnerability has already begun,” according to Bad Packets and evident from Shodan, thereby prompting immediate attention and a speedy remediation of this issue.

Read more at the Sonatype blog

Posted on by:

katiemccaskey profile

Katie McCaskey

@katiemccaskey

Writing about DevSecOps at Sonatype - please say hi!

Sonatype

We believe developers should spend time innovating—not jumping through security hoops. That’s why we designed Nexus to work the way you do. Intelligent open source security integrated with preferred dev tools to easily find and fix vulnerabilities.

Discussion

markdown guide