Malware, Network Security, Vulnerability Management

Apache Tomcat vulnerability results in remote code exectuion

Share

Security researchers identified a remote code execution on windows vulnerability in Apache Tomcat.

The vulnerability is rated “Important” and was identified by an external security researcher and reported to the Apache Tomcat security team via the bug bounty program, according to an April 10 blog post.

The vulnerability leaves the CGI Servlet at risk due to a flaw in the way the JRE passes command line arguments to Windows and occurs when running on Windows with enableCmdLineArguments enabled.

Both the CGI Servlet and the CGI option enableCmdLineArguments are disabled by default in Tomcat 9.0.x and will be disabled by default in all versions in response to this vulnerability.

Researchers recommend users of affected versions should apply one of the following mitigations to ensure the CGI Servlet initialization parameter enableCmdLineArguments is set to false and upgrading to the latest version of Apache Tomcat.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

Related Events

Related Terms

Address Resolution Protocol (ARP)BridgeBroadcast AddressBuffer OverflowCall Admission Control (CAC)CellDisassemblyDistance VectorDomainDomain Name

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.