Scanning For Ghostcat – Expert Reaction

By Security Experts
March 4, 2020

Mass scanning activity of Apache Tomcat servers that have not been patched against the Ghostcat vulnerability has been detected.

EXPERTS COMMENTS

Craig Young, Principal Security Researcher, Tripwire
March 04, 2020

This is an interesting situation because Apache JServ Protocol (AJP) connections should absolutely never be exposed to untrusted users in the first place. With Ghostcat, we have concrete proof of yet another reason why the Tomcat install documentation encourages disabling of the AJP service on production systems. By specifying one path in the request URL and another in the extended request attributes, the Ghostcat request exploits the fact that AJP gives remote attackers relatively low-level access to Tomcat’s HTTP internal implementation.
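A configuration check that follows from the comment above, added here as an example and not taken from the article or from the Tomcat project: it reads a Tomcat server.xml and reports AJP connectors that are not pinned to a loopback address or have no shared secret configured. The sample XML is constructed, and `audit_ajp`, `is_ajp`, `is_loopback` and the finding strings are names chosen for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml for illustration (not from the article).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8011" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" secret="PLACEHOLDER" />
  </Service>
</Server>"""

def is_ajp(connector):
    # protocol is "AJP/1.3" or an org.apache.coyote.ajp.* class name;
    # a Connector without the attribute is an HTTP/1.1 connector.
    proto = connector.get("protocol", "HTTP/1.1").lower()
    return proto.startswith("ajp") or ".ajp." in proto

def is_loopback(address):
    # The default bind address for AJP differs between Tomcat releases,
    # so a missing address attribute is reported rather than trusted.
    if address is None:
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return address.lower() == "localhost"

def audit_ajp(server_xml):
    """Return (port, finding) tuples for every active AJP connector."""
    findings = []
    # XML comments are skipped by the parser, so a commented-out
    # connector (AJP disabled) produces no finding.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn):
            continue
        port = conn.get("port", "?")
        if not is_loopback(conn.get("address")):
            findings.append((port, "bind address not pinned to loopback"))
        # requiredSecret is the older name of the secret attribute.
        if not (conn.get("secret") or conn.get("requiredSecret")):
            findings.append((port, "no shared secret configured"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP connector on port {port}: {finding}")
```

A clean result only describes the configuration file; whether the AJP port is reachable from untrusted networks still depends on firewalling and on which server.xml the running instance actually loaded.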
