Experts warn of ongoing scans for Apache Tomcat servers affected by the Ghostcat flaw that could allow attackers to take over servers. Security experts are warning of ongoing scans for Apache Tomcat servers affected by the recently disclosed Ghostcat vulnerability CVE-2020-1938. The flaw affects all versions of Apache Tomcat, it could be exploited by attackers […]
Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers. All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install backdoors on vulnerable servers. The vulnerability, tracked as […]
The Apache Software Foundation has rolled out security updates for the Tomcat application server that address several flaws. The Apache Software Foundation has released security updates for the Tomcat application server that address several vulnerabilities, including issues that trigger a denial-of-service (DoS) condition or can lead to information disclosure. Apache Tomcat is an open-source Java Servlet Container that implements […]
The security research Dawid Golunski reported a Root Privilege Escalation in the Apache Tomcat (RedHat-based distros) tracked as CVE-2016-5425. Apache Tomcat packages provided by default repositories of RedHat-based distributions (i.e. CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions. The configuration file /usr/lib/tmpfiles.d/tomcat.conf could be modified by a member of the tomcat group or by a malicious […]