On February 29th, a vulnerability affecting Apache Tomcat was publicly disclosed:

This CVE describes an issue in AJP (Apache JServ Protocol) that can be exploited to either read or write files to a Tomcat server. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances. This connector is enabled by default on all Tomcat servers and listens on the server’s port 8009, bound to the 0.0.0.0 IP address.

In addition, an application’s configuration files could be read and passwords or API tokens stolen, creating backdoors or web shells. This attack is exploitable over the network with low attack complexity, without any required privileges and without the need for user interaction.

More information about this issue and the exact changes is available at the official Apache Tomcat site.

Affected Platforms

Check the Apache Tomcat version that you are currently using. The following versions are vulnerable and can be exploited by malicious users:

  • 7.0.0 to 7.0.99
  • 8.5.0 to 8.5.50
  • 9.0.0.M1 to 9.0.30

How To Patch It

Update Apache Tomcat to version 7.0.100, 8.5.51 or 9.0.31.

We also recommend not exposing the AJP port externally, to avoid being affected by this issue.
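
Both checks described above (the installed version against the affected ranges, and whether an AJP connector is reachable from outside the host) can be scripted. The following is an added example, not code from the advisory or from the Apache Tomcat project; the function names and the sample server.xml are constructed, and it assumes a connector without an address attribute listens on all interfaces, as stated above.

```python
import re
import xml.etree.ElementTree as ET

# Last vulnerable patch level per release line, taken from the list above.
# Release lines the advisory does not mention are reported as not affected.
LAST_VULNERABLE = {(7, 0): 99, (8, 5): 50, (9, 0): 30}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def is_vulnerable_version(version: str) -> bool:
    """True if the version falls in one of the affected ranges."""
    # Milestone builds such as 9.0.0.M1 count as patch level 0 of their line.
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M\d+)?$", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = map(int, m.groups())
    last = LAST_VULNERABLE.get((major, minor))
    return last is not None and patch <= last


def exposed_ajp_connectors(server_xml: str) -> list:
    """Return (port, address) for each AJP connector not bound to loopback."""
    findings = []
    # ElementTree skips XML comments, so commented-out connectors are ignored.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # Assumption from the advisory: no address attribute means 0.0.0.0.
        address = conn.get("address", "0.0.0.0")
        if address not in LOOPBACK:
            findings.append((conn.get("port"), address))
    return findings


# Constructed sample configuration (not taken from the advisory).
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <!-- <Connector port="8010" protocol="AJP/1.3"/> -->
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for v in ("7.0.99", "8.5.51", "9.0.0.M1", "9.0.31"):
        print(v, "affected" if is_vulnerable_version(v) else "not in affected range")
    print("AJP connectors reachable beyond loopback:", exposed_ajp_connectors(SAMPLE))
```

A connector that this check flags still needs a look at the host firewall and cloud security groups, which decide whether port 8009 is actually reachable externally.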

Bitnami Packages

The Bitnami solutions for both the ReportServer Enterprise and Community editions were updated to include the latest version of Tomcat. New cloud images were also submitted to the different cloud providers to secure new users' deployments in the cloud.

More information can be found here: https://docs.bitnami.com/general/security/security-2020-02-29/
