
Zero-day vulnerability allows remote code execution in Apache Tomcat AJP: CNVD-2020-10487/CVE-2020-1938

A team of vulnerability testing specialists has revealed the discovery of a remote code execution vulnerability in the Apache Tomcat AJP connector, which communicates with the web connector using the AJP protocol.

According to the report, the vulnerability exists due to incorrect validation in the Apache Tomcat AJP connector; a remote threat actor can send a specially crafted AJP request to deliver a malicious payload, leading to arbitrary code execution on the target system. If successfully exploited, the flaw can lead to the total compromise of the attacked system, so the vulnerability testing experts consider it a critical flaw.

The vulnerability, tracked as CNVD-2020-10487/CVE-2020-1938, must be corrected immediately because, although there are no known cases of exploitation in the wild, it exposes vulnerable systems to major cybersecurity threats.


The flaw was detected by a group of
vulnerability testing experts from a Chinese security firm, who sent the
report, along with a proof of concept, to Apache Tomcat managers in a timely
manner; security patches for this flaw are already available. There are no
known workarounds at this time, so vulnerable deployment administrators are
advised to upgrade as soon as possible.
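
To decide which deployments to upgrade first, it helps to know which ones actually define an AJP connector. The following is an added example, not part of the original article or of Apache Tomcat: it assumes the usual `server.xml` layout with `<Connector>` elements and the `protocol`, `port`, `address`, `secret` and `requiredSecret` attributes, and the sample configuration is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8010" protocol="AJP/1.3" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8011" address="127.0.0.1" secret="constructed-value"
               protocol="org.apache.coyote.ajp.AjpNioProtocol" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""


def is_loopback(address):
    """Return True only for an explicit loopback bind address."""
    if not address:
        return False  # unset: the default bind address depends on the release
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # hostname or malformed value: treat as not loopback


def find_ajp_connectors(server_xml_text):
    """List the active AJP connectors declared in a server.xml document."""
    findings = []
    # Commented-out connectors are XML comments, so iter() never yields them.
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():  # matches AJP/1.3 and Ajp* class names
            continue
        address = conn.get("address")
        findings.append({
            "port": conn.get("port"),
            "address": address,
            "has_secret": bool(conn.get("secret") or conn.get("requiredSecret")),
            "needs_review": not is_loopback(address),
        })
    return findings


if __name__ == "__main__":
    for finding in find_ajp_connectors(SAMPLE_SERVER_XML):
        print(finding)
```
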

This has been a complex start to the year for
Apache Tomcat managers. A few weeks ago, another vulnerability was reported
in the Apache Tomcat authentication process that gave threat
actors the ability to deploy some attack variants. Although the researchers
initially considered that the possibility of exploiting this flaw was very low,
subsequent analyses modified the initial diagnosis, so the vulnerability, tracked
as CVE-2019-17563, was reclassified as severe, forcing the release of emergency
updates.

For more information on the most recently detected
security flaws, exploits, cyberattacks, and malware analysis, you can visit the
official website of the International Institute of Cyber Security
(IICS), as well as the official websites and forums of technology
companies currently working to correct major information security threats.
