Warning: Critical security vulnerability that threatens more than 1 million servers
On the morning of 6 March, Vietnam Cyber Security Joint Stock Company (VSEC) issued a warning about Ghostcat, a vulnerability in the open-source Apache Tomcat software that can affect more than one million active servers, including servers in Vietnam.
Apache Tomcat is a free, open-source web server used to run web applications written in Java. It is valued for providing a secure, low-cost and effective hosting environment, which is why it is consistently among the most popular open-source projects in the world and is widely used in finance, banking, telecommunications and other sectors.
A vulnerability in this software is therefore considered extremely dangerous.
Analysis by VSEC experts shows that this vulnerability allows attackers to read application configuration files, steal credentials, and in some cases take over the server.
Ghostcat is tracked as CVE-2020-1938 (CVSS 9.8). The flaw lies in Tomcat's AJP connector, which in affected versions listens on port 8009 on all interfaces by default and trusts the request attributes supplied by whoever connects to it. An attacker who can reach that port can use those attributes to make Tomcat return any file under a web application's root, including source code and configuration files such as WEB-INF/web.xml. If the application also lets users upload files, the same flaw can be used to include an uploaded JSP and execute code on the server, after which the attacker can install a backdoor, take remote control of the host and launch further attacks on the network.
Ghostcat affects every Apache Tomcat branch released over the past 13 years (9.x, 8.x, 7.x and 6.x), up to and including 9.0.30, 8.5.50 and 7.0.99; the 6.x branch is end-of-life and will not receive a fix. Proof-of-concept exploit code has already been published and widely shared on the internet, so attackers can easily find and target vulnerable web servers.
According to the BinaryEdge internet search engine, more than one million Tomcat servers are currently reachable online, so VSEC experts recommend that every business and individual running Apache Tomcat update to a fixed release (9.0.31, 8.5.51 or 7.0.100, or later) to avoid becoming "prey" on attackers' lists. Where an immediate upgrade is not possible, disable the AJP connector in server.xml if nothing uses it (the fixed releases ship with it commented out), or restrict port 8009 so that only the reverse proxy that needs it can connect.
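To check an installation for the exposure described above, here is an added example (written for this page, not VSEC's or the Apache Tomcat project's code) that parses a Tomcat server.xml and flags AJP connectors that listen on all interfaces or have no shared secret configured. The three server.xml documents embedded in it are constructed samples: the pre-fix default, a hardened connector using the address, secretRequired and secret attributes that the fixed releases support, and the commented-out connector the fixed releases ship by default.

```python
"""Audit a Tomcat server.xml for AJP connectors exposed to Ghostcat (CVE-2020-1938).

Added example for this page, not VSEC's or the Tomcat project's code. The three
sample documents below are constructed; pass a real server.xml path on the
command line to audit an actual installation.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the pre-fix default. AJP on 8009, every interface, no secret.
VULNERABLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: a hardened connector using the attributes supported by
# Tomcat 9.0.31 / 8.5.51 / 7.0.100 and later (loopback only, secret required).
HARDENED_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="replace-with-a-long-random-value"
               redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: the connector commented out, as the fixed releases ship it.
COMMENTED_OUT_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

WILDCARD_ADDRESSES = {"0.0.0.0", "::", "*"}


def audit_ajp(server_xml):
    """Return one finding per AJP connector that is reachable without protection.

    A finding is {"port": ..., "issues": [...]}. Connectors inside XML comments
    are ignored because ElementTree discards comments while parsing, which is
    exactly the state the fixed releases ship in.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        # Tomcat accepts "AJP/1.3" or a fully qualified org.apache.coyote.ajp.* class.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue  # HTTP connectors are not affected by Ghostcat
        issues = []
        # No address attribute meant "all interfaces" before the fix.
        address = conn.get("address")
        if address is None or address in WILDCARD_ADDRESSES:
            issues.append("bound to all interfaces")
        # The fixed releases require a shared secret unless explicitly disabled.
        secret_required = conn.get("secretRequired", "true").lower() == "true"
        if not (secret_required and conn.get("secret")):
            issues.append("no shared secret")
        if issues:
            findings.append({"port": conn.get("port", "?"), "issues": issues})
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            samples = [(sys.argv[1], fh.read())]
    else:
        samples = [("vulnerable", VULNERABLE_SERVER_XML),
                   ("hardened", HARDENED_SERVER_XML),
                   ("commented out", COMMENTED_OUT_SERVER_XML)]
    for name, doc in samples:
        findings = audit_ajp(doc)
        print(f"{name}: {findings if findings else 'no exposed AJP connector'}")
```

Run it with the path to a real server.xml to audit that installation. A finding on a Tomcat older than 9.0.31 / 8.5.51 / 7.0.100 cannot be cleared by adding the secret attributes, because those versions do not support them; there the remedy is to upgrade, or to disable the connector or firewall port 8009 until the upgrade is done.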