CVE-2020-1938 - Ghostcat - vulnerability on Tomcat servers - WebNMS remains unaffected

Copy code

Permalink

Please tell us why you want to mark the subject as inappropriate. (Maximum 200 characters)

Private Message

From : guest

To :

Subject :

Content :

Type the characters you see in the picture below.

From : guest

To :

Subject :

Content :

Type the characters you see in the picture below.

Feedback

Email ID

Subject :

Comments :

Private Message

Type the characters you see in the picture below.

Attach files

Desktop Google Docs

Each Attachment size should not exceed 5.0 MB. Max no of attachments : 1

Loading User Profile...

guest

Response title

This is preview!

Attachments

()

You can also use the below options to login

New to this Portal?

Click on Join Now to Sign Up

Join Now

Move this topic

Forum :

Sub forum :

WebNMS Framework

venkatram.. Employee

CVE-2020-1938 - Ghostcat - vulnerability on Tomcat servers - WebNMS remains unaffected

in WebNMS Framework • 3 years ago

Short history:

The Tomcat servers released all these years are vulnerable to a bug named Ghostcat that can allow a remote unauthenticated attacker to take over the complete systems.

It was discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol.
More on this at: https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/

The good news is that: WebNMS had already disabled that AJP/1.3 connector (search for protocol="AJP/1.3" in NMS_HOME/apache/tomcat/conf/backup/server.xml and you can ensure that it's commented) and hence customers need not be worried about the same.

Solution to the affected servers at: https://access.redhat.com/solutions/4851251

Update on 5th March 2020: Tomcat 7.0.100, 8.5.51 & 9.0.31 in which this vulnerability is fixed is available at: https://workdrive.zohoexternal.com/external/6OxchwAdD5C-J8HFH - The apache/tomcat/conf/backup/server.xml is for SSL_PORT also. If you want to disable this, please comment the Container with SSL_PORT in apache/tomcat/conf/backup/server.xml.

Change topic type

Topic Type :

No of days :

Link this topic

Provide the permalink of a topic that is related to this topic

Permalink

Reply to venkatramanan's announcement

{"z334277":[56142000000854002]}

Statistics

0 Replies
1311 Views
0 Followers

Actions

Permalink

Response title

Attachments

New to this Portal?

CVE-2020-1938 - Ghostcat - vulnerability on Tomcat servers - WebNMS remains unaffected

Statistics

Tags

Actions