Apache Tomcat Web Server Vulnerability
Author: Gabriel Barbosa, Cipher Red Team Services
A security flaw recently identified in Apache Tomcat, a widely used web server, allows anyone to access sensitive system information without authentication.
The vulnerability is recorded as CVE-2020-1938. It lies in the Apache JServ Protocol (AJP) connector, which treats certain connections as trusted when they are not. An attacker exploiting this flaw could read all of a web application's files. Depending on the scenario, this may expose customer data, personal information, database passwords, and other content.
The flaw is present in all versions of the software (9.x / 8.x / 7.x / 6.x). It can be exploited in the default configuration, so no misconfiguration by an administrator is required. It is recommended to update the software to the latest version. In addition, access to the AJP connector should be restricted to only those who need it.
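The two mitigations above (update, then restrict AJP) can be checked in Tomcat's server.xml. The following is an added example, not code from the Tomcat project or this article: it parses a server.xml and flags AJP connectors that listen on all interfaces or have no shared secret. The two embedded server.xml fragments are constructed samples; the `secretRequired` and `secret` connector attributes are the ones Tomcat introduced in the fixed releases (9.0.31 / 8.5.51 / 7.0.100), and the secret value is a placeholder.

```python
"""Audit Tomcat server.xml AJP connector settings relevant to CVE-2020-1938.

Added example (not Tomcat project code). Reports AJP connectors that are
reachable from any interface or that have no shared secret configured.
"""
import xml.etree.ElementTree as ET

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the pre-fix default, AJP on every interface, no secret.
WEAK_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: AJP bound to loopback and protected by a shared secret.
# secretRequired/secret exist from Tomcat 9.0.31 / 8.5.51 / 7.0.100 onward;
# the secret value below is a placeholder, not a real credential.
HARDENED_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE_WITH_LONG_RANDOM_SECRET"
               redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding per AJP connector: {"port": str, "issues": [str, ...]}.

    An empty issues list means the connector looks acceptably hardened.
    XML comments are dropped by the parser, so a commented-out AJP connector
    (the default from Tomcat 9.0.31 onward) produces no finding at all.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if not protocol.upper().startswith("AJP"):
            continue
        issues = []
        address = conn.get("address")
        if address is None or address in {"0.0.0.0", "::"}:
            issues.append("AJP listens on all interfaces; bind 'address' to loopback or an internal interface")
        elif address not in LOOPBACK_ADDRESSES:
            issues.append("AJP bound to non-loopback address %s; confirm only the front-end proxy can reach it" % address)
        if conn.get("secretRequired", "true").lower() == "false":
            issues.append('secretRequired="false" permits unauthenticated AJP clients')
        elif not conn.get("secret"):
            issues.append("no AJP 'secret' configured; the fixed releases refuse to start the connector without one")
        findings.append({"port": conn.get("port"), "issues": issues})
    return findings


def is_hardened(server_xml: str) -> bool:
    """True when no AJP connector is present or every one is free of issues."""
    return all(not finding["issues"] for finding in audit_ajp_connectors(server_xml))


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(label, audit_ajp_connectors(xml))
```

Run it against a real server.xml by passing the file contents to `audit_ajp_connectors`; an empty result means AJP is disabled (commented out or absent), which is the simplest hardening when no front-end proxy uses it. Restricting the bind address and setting a secret are only meaningful after updating to a release that honours those attributes, so the version check still comes first.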
Since this vulnerability affects servers and service providers, the impact on ordinary users is mostly collateral and will vary from site to site. Consequences can range from leaks of confidential data to full control of the server, depending on permissions.
The recommended remediation is to build a new server, update all packages and services, validate the source code and database, and only then return the server to production.