Mass scanning activity has been detected targeting Apache Tomcat servers that have not been patched against the Ghostcat vulnerability.

Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.
This is an interesting situation because Apache JServ Protocol (AJP) connections should absolutely never be exposed to untrusted users in the first place. With Ghostcat, we have concrete proof of yet another reason why the Tomcat install documentation encourages disabling of the AJP service on production systems. By specifying one path in the request URL and another in the extended request attributes, the Ghostcat request exploits the fact that AJP gives remote attackers relatively low-level access to Tomcat’s HTTP internal implementation.