The Ghostcat vulnerability is a security issue that affects Apache Tomcat. It allows attackers to upload a file to the server and read the server's configuration and other available files, which can lead to remote code execution. It is caused by a flaw in the Apache JServ Protocol (AJP).
Affected versions of Tomcat include 6.x to 9.x.
Let's go through this vulnerability in detail. Tomcat is a widely used open source web server. In general, web servers use HTTP to communicate. In addition to HTTP, Tomcat also uses AJP for internal communication.
AJP is a protocol that lets a front-end web server communicate with the associated app server. By default, this protocol is enabled when Tomcat is installed. But in versions 6.x to 9.x this is a vulnerability: anyone who can reach the AJP port can upload a malicious piece of code via AJP, read the configuration files and other available files on the web server, and potentially achieve remote code execution.
The immediate fix is to update Tomcat to a fixed release: 9.0.31, 8.5.51, or 7.0.100.
You can also check if your web server is vulnerable with Site24x7’s Ghostcat vulnerability checker.
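For a local check that does not depend on an external scanner, the script below is an added example (not Site24x7's checker and not part of the Tomcat project). It reads a Tomcat `server.xml`, reports any enabled AJP connector together with the attributes that limit its exposure (`address`, `secret`, `secretRequired`), and compares the running version against the fixed releases named above (9.0.31, 8.5.51, 7.0.100). Tomcat 6.x and 8.0.x have no fixed release, so the check treats them as vulnerable; versions outside the 6.x to 9.x range the article covers are reported as unknown. The `server.xml` fragment is a constructed sample modelled on the connector line Tomcat ships by default.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the article, keyed by major version.
# 6.x is affected with no fixed release; 8.0.x never received the 8.5.51 fix.
FIXED = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

# Constructed sample: the AJP connector line Tomcat enabled by default before the fix.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>"""


def parse_version(version):
    """Turn '9.0.30' (or '9.0.30-dev') into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_is_vulnerable(version):
    """True if the version predates the fixed release for its branch, None if out of scope."""
    v = parse_version(version)
    major = v[0]
    if major == 6:
        return True  # 6.x is affected and has no fixed release
    if major in FIXED:
        return v < FIXED[major]  # 8.0.x sorts below (8, 5, 51) and is reported vulnerable
    return None  # outside the 6.x to 9.x range the article covers


def ajp_connectors(server_xml):
    """List every enabled AJP connector in server.xml with its exposure-limiting attributes.

    ElementTree drops XML comments, so a commented-out connector is correctly not reported.
    """
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "AJP" not in protocol.upper():
            continue
        found.append({
            "port": conn.get("port"),
            "address": conn.get("address"),          # None means bound on all interfaces
            "secret_set": conn.get("secret") is not None,
            "secretRequired": conn.get("secretRequired"),
        })
    return found


def assess(server_xml, version):
    """Combine the version check and the connector scan into a single status."""
    connectors = ajp_connectors(server_xml)
    vuln_version = version_is_vulnerable(version)
    exposed = [c for c in connectors if c["address"] in (None, "0.0.0.0", "::")]
    if not connectors:
        status = "not_exposed"            # no AJP connector enabled, so AJP requests cannot reach Tomcat
    elif vuln_version and exposed:
        status = "vulnerable"             # unpatched and AJP reachable from the network
    elif vuln_version:
        status = "vulnerable_local_only"  # unpatched, but AJP bound to a specific address
    elif vuln_version is None:
        status = "unknown_version"
    else:
        status = "patched"
    return {"version": version, "status": status, "ajp_connectors": connectors}


if __name__ == "__main__":
    report = assess(SAMPLE_SERVER_XML, "9.0.30")
    print(report["status"])
    for c in report["ajp_connectors"]:
        print(f"  AJP on port {c['port']}, address={c['address']}, "
              f"secret set={c['secret_set']}, secretRequired={c['secretRequired']}")
```

Run it against a real `server.xml` by passing the file contents to `assess()` together with the version reported by `catalina.sh version`. A `patched` result still lists the AJP connector so you can confirm whether it is needed at all.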