GhostCat isn't the only open source vulnerability you need to worry about. And we can help you establish the processes you need to avoid these vulnerabilities in the future.Ĭonnect with an open source expert today to learn how we can help you. We can help you prevent vulnerabilities like GhostCat. Our team at OpenLogic by Perforce is ready to help you get your Apache Tomcat servers secure and supported. Get Help Fixing the GhostCat Vulnerability Scanning for open ports on the Tomcat server will also indicate if there is an AJP port open. During the initialization of protocols, AJP should not be there, just HTTP, and/or HTTPS. When the server starts, ensure AJP is not enabled by watching the log file. If traffic is blocked on the default AJP port, port 8009, there is no way to leverage this vulnerability.Īfter updating the server.xml the server will require a restart. This is done by deleting or commenting out the entry in the server.xml file.įirewalls will also assist with preventing access to the server. In order to prevent unauthorized access, simply disable the AJP endpoint. The endpoint for AJP is enabled or disabled in the server.xml file.īelow we see the default example that ships with the server.xml in the 9.0.31 release. If there is an entry in your log file that includes “ajp” and “initializing”, the server is vulnerable.Īlso, check the server.xml file. The entry for the AJP protocol looks like this: .init Initializing ProtocolHandler Ĩ009 is the default port for the AJP protocol endpoint. The log file has an entry for initializing protocols, with the package: Read our new Enterprise Guide to Apache Tomcat for a full range of Tomcat security best practices, with additional sections on performance, resilience, clustering, and more.Īre You at Risk for the GhostCat Vulnerability?Ĭhecking the log file (catalina.out by default, or the service name if running on Windows) or the configuration file is the best way to determine if the server is vulnerable. If you are proxying to your server via the AJP port, enable the HTTP port and proxy traffic using the HTTP (or HTTPS) protocol. Very few situations require the use of a binary protocol. ![]() If you are forced to use AJP or the Apache JServ Protocol, you will be vulnerable. How can you prevent your Apache Tomcat web server from being affected? You may have heard about it or have been affected by the GhostCat vulnerability already. This vulnerability is serious - but GhostCat is also easily fixable. this vulnerability affects versions of Tomcat prior to 9.0. It is designated by Mitre as CVE-2020-1938. GhostCat is a vulnerability in Apache TomCat with a serious security flaw. If you need help patching your Tomcat builds, please reach out to our team via the form on our Tomcat support page. Note From the Editor:While GhostCat is relatively old news now, teams still need to remain vigilant in patching their Tomcat versions for known CVEs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |