Critical Vulnerability in Apache Tomcat (CVE-2020-1938)
2 March 2020
Apache has released Tomcat versions 9.0.31, 8.5.51, and 7.0.100 to address a critical vulnerability (CVE-2020-1938).
This vulnerability exists due to a bug in the Apache JServ Protocol (AJP). Successful exploitation of this vulnerability could allow an attacker to read the content of any file on a vulnerable web server and steal sensitive information, or execute arbitrary code if the server allows file uploads.
Users and system administrators of affected products are advised to install the latest security updates immediately.
Users and system administrators of Apache Tomcat 6, which reached end-of-life in 2016, are advised to upgrade to the latest version of the software as soon as possible.
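To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory) classifies reported Tomcat version strings per branch. It compares versions numerically, since a plain string comparison would rank 7.0.99 above 7.0.100. The hostnames and banners in `SAMPLE` are constructed, and the status labels are this example's own.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(9, 0): (9, 0, 31), (8, 5): (8, 5, 51), (7, 0): (7, 0, 100)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch) from a string such as 'Apache Tomcat/9.0.30'."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Return 'patched', 'vulnerable', 'end-of-life' or 'not-covered'."""
    version = parse_version(banner)
    if version is None:
        return "not-covered"      # no version found: review by hand
    if version[0] == 6:
        return "end-of-life"      # advisory: Tomcat 6 must be upgraded
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-covered"      # branch not named in the advisory
    # Tuple comparison is numeric per component, so 7.0.99 < 7.0.100.
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "app01.example.internal": "Apache Tomcat/9.0.30",
    "app02.example.internal": "Apache Tomcat/8.5.51",
    "app03.example.internal": "Apache Tomcat/7.0.99",
    "legacy.example.internal": "Apache Tomcat/6.0.53",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `not-covered` are on a branch the advisory does not list, or gave no parseable version, and need manual review.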
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2020-1938
https://www.chaitin.cn/en/ghostcat
https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/
https://securityboulevard.com/2020/02/patch-your-tomcat-and-jboss-instances-to-protect-from-ghostcat-vulnerability-cve-2020-1938-and/