Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances.

Ghostcat is a vulnerability found in Apache Tomcat versions 6.x, 7.x, 8.x, and 9.x that allows remote code execution in some circumstances. Apache Tomcat includes the AJP connector, which is enabled by default and listens on all addresses on port 8009. An AJP connection is treated with more trust than an HTTP connection, allowing an attacker to exploit it to perform actions that are not intended for an untrusted user.

Ghostcat allows an attacker to retrieve arbitrary files from anywhere in the web application, including the `WEB-INF` and `META-INF` directories and any other location that can be reached via `ServletContext.getResourceAsStream()`. It also allows the attacker to process any file in the web application as JSP.

Remote code execution is not possible by default. If an application running on an affected version of Tomcat contains a file upload vulnerability, an attacker can exploit it in combination with Ghostcat to achieve remote code execution. However, the attacker must be able to save the uploaded files to the document root and to reach the AJP port directly from outside the target's network.

What makes Ghostcat a severe vulnerability?

The popularity of Apache Tomcat makes this vulnerability severe. More than 1 million actively reachable servers on the internet are running Apache Tomcat. This vulnerability is present in all versions of Apache Tomcat released in the last 13 years (versions 6.x/7.x/8.x/9.x). Ghostcat also affects the default configuration of Tomcat, and many servers may be vulnerable to attacks directly from the internet. Apache Tomcat's AJP connector is enabled by default on all Tomcat servers and listens on the server's port 8009. The availability of public exploits makes it easy for malicious actors to launch attacks.

The Black Duck Security Advisory for the Ghostcat vulnerability suggests the following workaround: the AJP connector service can be disabled by commenting out or removing the appropriate line from the `$CATALINA_HOME/conf/server.xml` file and restarting Tomcat. If an upgrade is not possible, the `requiredSecret` attribute can be configured to set AJP protocol authentication credentials.

How do I find Ghostcat and other vulnerabilities in my applications?

The best way to know what's in your code is with software composition analysis (SCA). SCA tools scan an application to create a software bill of materials, an inventory of all the open source components in the application. Black Duck, our SCA solution, relies on several scanning techniques, including signature matching, package manager inspection, and snippet matching, across different types of applications, such as web apps, mobile apps, thin clients, thick clients, Docker containers, and binary files. For each component, Black Duck also provides security vulnerability information, as well as public exploits, workarounds, solutions, version upgrade advisories, and detailed vulnerability explanations.

How often should I rescan my applications to find new vulnerabilities?

New vulnerabilities are discovered every day in already released open source components. The Ghostcat vulnerability is a perfect example of how a new vulnerability in a popular component can have a widespread effect. Apache Tomcat is a very widely used open source component, with more than 10 million downloads, per the Apache Foundation blog. Black Duck's enhanced vulnerability reports include information from both the NVD security feed and Black Duck Security Advisories, our own proprietary security feed from the Cybersecurity Research Center (CyRC). So how can your development and security teams stay up to date on all new vulnerabilities found in the open source components you already use? When we update the Black Duck KnowledgeBase™ (which we do every hour), any new vulnerability information related to the open source components in your applications is pushed to you in the form of new notifications. The best part is that you don't need to keep rescanning your applications to uncover new vulnerabilities.
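The two workarounds described above (disabling the AJP connector in `server.xml`, or binding it to loopback and setting a shared secret) can be checked mechanically. The following is an added example, not code from the original post or from Black Duck or Apache; the three `server.xml` fragments are constructed samples, and the `secret`/`secretRequired` attributes are the newer spellings Tomcat introduced alongside the Ghostcat fix, handled here in addition to the `requiredSecret` attribute the post names.

```python
"""Audit a Tomcat server.xml for AJP connector exposure (Ghostcat, CVE-2020-1938)."""
import xml.etree.ElementTree as ET

# Constructed sample: older Tomcat default, AJP on all addresses, no secret.
VULNERABLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed sample after the second workaround: loopback only plus a shared
# secret (requiredSecret on older releases; newer ones use secret/secretRequired).
HARDENED_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
             requiredSecret="REPLACE_WITH_LONG_RANDOM_SECRET"/>
</Service></Server>"""

# Constructed sample after the first workaround: connector commented out.
DISABLED_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
</Service></Server>"""

ALL_INTERFACES = {"", "0.0.0.0", "::", "0:0:0:0:0:0:0:0"}


def is_ajp(connector):
    """AJP connectors use protocol AJP/1.3 or an explicit org.apache.coyote.ajp.* class."""
    proto = connector.get("protocol", "HTTP/1.1")
    return proto.upper().startswith("AJP") or ".ajp." in proto


def audit_ajp(server_xml):
    """Return one finding per weakness; an empty list means no exposed AJP connector.
    ElementTree discards XML comments, so a commented-out connector is not reported."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn):
            continue
        port = conn.get("port", "?")
        # Before the Ghostcat fix the address attribute defaulted to all interfaces.
        if conn.get("address", "").strip() in ALL_INTERFACES:
            findings.append(f"AJP connector on port {port} listens on all interfaces")
        if not (conn.get("secret") or conn.get("requiredSecret")):
            findings.append(f"AJP connector on port {port} has no shared secret")
        if conn.get("secretRequired", "true").lower() == "false":
            findings.append(f"AJP connector on port {port} disables secretRequired")
    return findings
```

Run `audit_ajp` over the real `$CATALINA_HOME/conf/server.xml` of each Tomcat instance; any finding on an internet-reachable host means the Ghostcat workaround has not been applied.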