This document explains the CVE-2020-1938 GhostCat vulnerability that have been reported.
Vulnerability ID : CVE-2019-12133
Update Release build : 100505
Update Release Date : 05-March-2020
Reported by: Chaitin Tech, China
GhostCat affects the default configuration of Tomcat servers. It is related to the Apache JServ Protocol (AJP) protocol. The AJP connector used by Tomcat is affected in such a way that it can be exploited by an unauthenticated attacker to access configuration and source code files for web applications deployed on a server. If the system allows users to upload files, an attacker can upload malicious JavaServer Pages (JSP) code to the server and use Ghostcat to execute that code.
These vulnerabilities have been identified and fixed. To apply the fix, follow the steps mentioned below:
Keywords: GhostCat, Security Updates, Vulnerabilities and Fixes.