Test if any of your websites are vulnerable to the Ghostcat bug
What is the Ghostcat vulnerability?
Ghostcat is a vulnerability that affects Apache Tomcat. It is caused by an insecure configuration of the AJP protocol in the default installation of Tomcat. It lets attackers read or include any file in Tomcat's webapp directories, which can lead to remote code execution.
What is AJP?
AJP stands for Apache JServ Protocol. It is used as an optimized, binary version of the HTTP protocol. By default, AJP is enabled in Apache Tomcat and is set to listen on port 8009.
Which versions of Tomcat are affected?
Apache Tomcat 9.x < 9.0.31, Apache Tomcat 8.x < 8.5.51, Apache Tomcat 7.x < 7.0.100, Apache Tomcat 6.x
We check for:
The accessibility of port 8009
Whether the installed Tomcat version is one of the affected versions
How are we checking?
The Site24x7 tool tries to establish a connection to port 8009 on every IP address resolved for the given website URL. If a connection is established, it indicates that the given site is vulnerable to a Ghostcat attack. If not, the given website is safe and secure from the Ghostcat vulnerability.
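The two checks described above, sketched in Python for testing your own hosts. This is an added example, not Site24x7's code; the function names and the FIRST_FIXED table are assumptions built from the version list on this page.

```python
import re
import socket

AJP_PORT = 8009  # default AJP connector port named on this page

# First fixed release per affected branch, taken from the version list above.
# Every 6.x release is listed as affected, so that branch has no fixed version.
FIRST_FIXED = {9: (9, 0, 31), 8: (8, 5, 51), 7: (7, 0, 100), 6: None}


def is_affected(version):
    """True if a Tomcat version string falls in the affected ranges listed above."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    parts = tuple(nums + [0] * (3 - len(nums)))  # compare numerically, not as text
    if parts[0] not in FIRST_FIXED:
        return False  # branch not covered by the page's list
    fixed = FIRST_FIXED[parts[0]]
    return fixed is None or parts < fixed


def resolve_ips(host):
    """Return every distinct IPv4/IPv6 address the hostname resolves to."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(ip, port=AJP_PORT, timeout=3.0):
    """Attempt a plain TCP connect; True only if the handshake completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def check_site(host, port=AJP_PORT):
    """Map each resolved IP to whether the AJP port accepted a connection."""
    return {ip: port_open(ip, port) for ip in resolve_ips(host)}


if __name__ == "__main__":
    import sys
    for ip, reachable in check_site(sys.argv[1]).items():
        print(f"{ip}: port {AJP_PORT} {'REACHABLE' if reachable else 'not reachable'}")
```

The numeric comparison matters for 7.0.100, which a plain string comparison would sort before 7.0.99.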