The CVE 2020-1938 takes advantage of Tomcat’s AJP connector, which helps the attacker read sensitive information from web apps and even more critical action if file uploads are allowed on the web application.
- Understanding Tomcat connectors
- Ghostcat vulnerability was found in the Tomcat AJP connector allowing an attacker to read or include any files in Tomcat’s web app directories
- This vulnerability affects all versions of Tomcat in the default configuration which means that it has been dormant in Tomcat for more than a decade and hence needed to be updated or configured to prevent any attack
- Taking a look at how to mitigate this vulnerability
- Understanding the working of the exploit using an attack demonstration on a virtual target