How many of you thought of your Apache Tomcat servers this morning?
Please make sure that you are aware of the Ghostcat high-risk vulnerability which was discovered last week (CVE-2020-1938). This vulnerability allows attackers to access app configuration files, steal passwords or API tokens and write files to a server, such as backdoors or web shells.
The Ghostcat vulnerability is rather widespread. It may affect all Apache Tomcat servers released in the last 13 years, including the 6.x, 7.x, 8.x, and 9.x Tomcat branches.
Patches were released for the Tomcat 7.x, 8.x, and 9.x branches, but not for the 6.x branch, which reached end of life in 2016.
It seems like a good time to consider including these patches in your patch management lifecycle, as some time ago we saw what can happen to organisations that do not patch their Apache servers properly… (#EquifaxBreach)