All Posts

2 posts

Detect Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys WAS

As previously reported, a severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, named “Ghostcat”, which is tracked using CVE-2020-1938 and rated critical severity with a CVSS v3 score of 9.8.

This blog post details how web application security teams can detect this vulnerability using Qualys Web Application Scanning (WAS). This new Qualys WAS detection complements the detection that uses Qualys VMDR®.

Continue reading …

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

A severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, which is named “Ghostcat” and is tracked using CVE-2020-1938The security issue has received a critical severity rating score of 9.8 based on CVSS v3 Scoring system. 

Vulnerability Details:
Due to a file inclusion defect in the AJP service (port 8009) that is enabled by default in Tomcat, an attacker can construct a malicious request package for file inclusion operation, and then read the web directory file on the affected Tomcat server. If the system allows users to upload files, an attacker can upload malicious code to the server, and gain the ability to perform remote code execution.

Continue reading …