What is it about?
A vulnerability in Apache Tomcat, CVE-2020-1938, named “GhostCat”, has been identified. It is a flaw in the Tomcat AJP (Apache JServ Protocol) connector, the binary connector Tomcat uses to receive requests forwarded from a front-end web server such as Apache httpd.
In order for an attacker to exploit GhostCat, the AJP Connector must be enabled and the attacker must be able to reach the AJP Connector service port (TCP 8009 by default). Until the fixed releases, Tomcat shipped with this connector enabled and bound to all network interfaces, so any host that could reach port 8009 met both conditions.
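The precondition above (an enabled AJP connector that the attacker can reach) can be verified from both sides. The script below is an added example written for this page, not code from Apache Tomcat or from the original advisory: it sends an AJP13 CPing to a host and port and reports whether a CPong came back, and it audits a server.xml document for AJP connectors that are bound to all interfaces or have no shared secret configured. The two server.xml fragments embedded in it are constructed samples, the first modelled on the connector line Tomcat shipped by default; the host name, the finding field names and the placeholder secret are assumptions.

```python
"""Check the GhostCat precondition: is an AJP connector enabled and reachable?

Added example for this page; not Apache Tomcat's code and not part of the
original advisory. The server.xml fragments below are constructed samples.
"""
import socket
import struct
import sys
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def build_cping() -> bytes:
    """AJP13 CPing packet: magic 0x1234, payload length 1, message type 10."""
    return b"\x12\x34" + struct.pack(">H", 1) + b"\x0a"


def is_cpong(data: bytes) -> bool:
    """True if data is an AJP13 CPong reply: magic 'AB', length 1, type 9."""
    if len(data) < 5 or data[:2] != b"AB":
        return False
    (length,) = struct.unpack(">H", data[2:4])
    return length == 1 and data[4] == 0x09


def probe_ajp(host: str, port: int = 8009, timeout: float = 3.0) -> str:
    """Remote check. Returns one of:
    'ajp'         the port answered CPing with CPong (connector reachable)
    'other'       something answered, but it is not AJP
    'closed'      connection refused
    'timeout'     connected but no reply (silent service or filtered)
    'unreachable' no route / other socket error"""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_cping())
            data = sock.recv(16)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"
    if not data:
        return "other"
    return "ajp" if is_cpong(data) else "other"


def audit_ajp_connectors(server_xml: str) -> list:
    """Local check over a server.xml document. Returns one finding per AJP
    connector. A connector that is commented out is not parsed, so it does
    not appear: that is the 'disabled' state."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "AJP" not in protocol.upper():
            continue
        address = conn.get("address")
        secret = conn.get("secret")
        findings.append({
            "port": conn.get("port"),
            "address": address,
            # No address attribute means the connector binds to all interfaces.
            "exposed": address is None or address not in LOOPBACK,
            "no_secret": secret is None or secret == "",
            "secret_required": conn.get("secretRequired"),
        })
    return findings


# Constructed sample: AJP connector as shipped before the fix (all interfaces, no secret).
DEFAULT_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""

# Constructed sample: connector kept, but bound to loopback and protected by a shared secret.
# The secret value is a placeholder; use a long random value in practice.
HARDENED_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE-WITH-LONG-RANDOM-VALUE" redirectPort="8443" />
  </Service>
</Server>"""


if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(label, audit_ajp_connectors(doc))
    if len(sys.argv) > 1:  # python ghostcat_check.py <host> [port]
        target = sys.argv[1]
        target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 8009
        print(target, target_port, probe_ajp(target, target_port))
```

A result of `ajp` from `probe_ajp` run from a host outside the trusted network means the connector is reachable and the remote precondition is met; pair it with the audit output to see whether the connector is bound to all interfaces or lacks a secret. The `secretRequired` and `secret` attributes only exist on the fixed Tomcat releases, so on an unpatched instance the only option the audit can confirm is binding the connector to loopback or removing it.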
What is the impact of this attack?
By sending crafted AJP requests, an attacker can read any file inside the web application's directory, including configuration files such as WEB-INF/web.xml and source code files, for every web application deployed on the Tomcat instance. The impact escalates to remote code execution when an application also exposes file upload functionality: the attacker first uploads a file containing JSP code (the file extension does not matter, so the code can be hidden in what looks like a picture or a plain text file), then uses the same AJP flaw to make Tomcat process the uploaded file as a JSP. If that succeeds, the attacker's code runs on the server with the privileges of the Tomcat process.
Affected product versions
What organisations should do as part of mitigation and prevention actions
It is strongly recommended that affected customers take action immediately and apply the provided mitigation steps: