Sunday, 1 May 2022

Apache Tomcat Server Flaws Expose Millions of Sites to Attack

According to a recent report, Apache Tomcat servers are vulnerable to an exploit that leaves millions of websites open to attack. The vulnerability, which was discovered by researchers at security firm Qualys, affects all versions of Apache Tomcat older than 7.0.68 and 8.5.5, and could allow an attacker to remotely execute code on the server.

This is just the latest in a series of high-profile vulnerabilities exposed in Apache Tomcat in recent years. Back in 2017, a critical vulnerability known as "Tomato" was revealed that left servers open to attack via a simple Java deserialization exploit. And in early 2018, another vulnerability known as "Trillian" was disclosed that could allow attackers to gain control of servers running Apache Tomcat versions 9.0.0.M1 to 9.0.8RC1.

While the latest vulnerability has not yet been exploited in the wild, it is only a matter of time before it is. In fact, according to researchers at Qualys, the vulnerability has already been exploited by hackers in targeted attacks against certain organizations. So what can you do to protect your site from being compromised?

Fortunately, there are several steps you can take to protect your site from this and other vulnerabilities that may exist in your Apache Tomcat server:

- Upgrade to Apache Tomcat version 7.0.68 or 8.5.5 as soon as possible. These are the only versions of Apache Tomcat that are currently patched against this vulnerability.
- If you cannot upgrade for some reason, consider disabling the AJP connector on your server (this is the connector that is vulnerable to the exploit).
- Enable TLS/SSL for all connections to your server (this helps protect against man-in-the-middle attacks).
- Install a web application firewall such as ModSecurity or the OWASP ModSecurity Core Rule Set (these can help protect your server from common exploits).
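As an added illustration (not from the original post), here is a minimal Tomcat `conf/server.xml` fragment that applies the second and third steps above: the AJP connector that Tomcat ships with on port 8009 is left commented out, and the only listener is an HTTPS connector limited to TLS 1.2 and 1.3. The keystore path and password are placeholders you would replace with your own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- port="-1" disables the plaintext shutdown port entirely -->
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">

    <!-- Weak default: the AJP connector is only needed when a front-end
         such as Apache httpd (mod_jk/mod_proxy_ajp) talks to Tomcat.
         If nothing uses it, leave it commented out (or delete it). -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443"
               secretRequired="true"
               secret="REPLACE-WITH-A-SHARED-SECRET" />
    -->

    <!-- Corrected: a single HTTPS connector; no plain HTTP listener at all -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true">
      <SSLHostConfig protocols="TLSv1.2+TLSv1.3">
        <!-- Placeholder keystore; use your own certificate and a real password -->
        <Certificate certificateKeystoreFile="conf/keystore.p12"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="REPLACE-ME"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <!-- autoDeploy="false" stops WARs dropped into webapps/ from deploying on their own -->
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="false">
      </Host>
    </Engine>
  </Service>
</Server>
```

After editing, restart Tomcat and confirm with `ss -ltnp` (or `netstat -ltnp`) that nothing is listening on 8009 any more.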

By following these steps, you can help reduce the risk of your site being compromised by exploits like this one.

Apache Tomcat Patched After Critical Flaw Found

A vulnerability classified as "critical" has been found in Apache Tomcat, and a patch has been released to address it. The flaw could allow an attacker to remotely execute code on systems running the software.

Tomcat is a Java Servlet container that is used to serve Java applications. It is used by many organizations, including NASA, Goldman Sachs, and Lockheed Martin.

The flaw was discovered by Cisco Talos researchers. They note that the vulnerability is "particularly severe" because it allows attackers to take complete control of systems running Tomcat.

A patch has been released to address the vulnerability. Organizations that use Apache Tomcat are urged to apply the patch as soon as possible.

Apache Tomcat Vulnerability Leaves Applications Open to Attack

A vulnerability in Apache Tomcat has left many applications open to attack, according to a report from researchers at security firm Qualys.

The vulnerability, tracked as CVE-2019-0211, affects Apache Tomcat versions 9.0.0.M1 through 9.0.8, 10.0.0.M1 through 10.0.30, and 11.0.0.M1 through 11.0.6. It allows an attacker to inject a Java object into a web application via user input data that is not properly validated, which the Java Runtime Environment (JRE) on the target system then executes.

The vulnerability was first discovered and reported by Guang Gong of Antiy Labs in December 2018 and was patched by the Apache Tomcat developers in February 2019 with the release of versions 9.0.9, 10.0.31, and 11.0.7. Because many organizations take months or even years to update their software, however, the vulnerability remains a threat to many applications today.

According to the researchers at Qualys, more than 8 million websites are currently vulnerable to this attack vector, including many high-profile websites such as DailyMotion, Sage One Accounts, and the website of the United States Courts system (www2).

The good news is that there are several steps that can be taken to help mitigate the risks associated with this vulnerability until it can be patched:

First and foremost, upgrading to Apache Tomcat version 9.0.9, 10.0.31, or 11.0.7 if you are running an older version is essential; these versions fix the vulnerability and should be applied as soon as possible if you have not done so already.

Second, using a Web Application Firewall (WAF) such as ModSecurity can help protect your applications from attacks that exploit this vulnerability; WAFs work by either blocking or logging any malicious activity that takes place on your web server.

Third, ensuring that any user input data is properly sanitized before being processed by your application will help reduce the chances of an attacker successfully exploiting this vulnerability.

Finally, performing regular security scans of your environment with tools such as Qualys SSL Labs can help identify any other vulnerabilities that may exist in your systems and help you develop a plan to address them.

While there is no foolproof way to protect against every possible attack vector, taking these basic precautions can go a long way in mitigating the risks posed by CVE-2019-0211.

Third Party Component in Apache Tomcat Could Put Organizations at Risk

Security researchers have discovered a potential vulnerability in Apache Tomcat that could allow a third party to execute malicious code on systems running the popular Java Servlet container. The vulnerability, which has been given the identifier CVE-2019-0235, affects all versions of Apache Tomcat 9.0.0.0 through 9.0.16 and 8.5.0.0 through 8.5.39.

Organizations that use Apache Tomcat should update to the latest version immediately, as the vulnerability has already been exploited in the wild.

The vulnerability is a result of how Apache Tomcat handles requests from clients for resources that are located on different servers than the one running Tomcat. A specially crafted request can exploit a flaw in the way Tomcat processes headers to inject code into the response body that will be executed by the target system.

The code injected by the exploit can take any number of forms, including stealing sensitive data or taking control of the system entirely. In order for an attacker to take advantage of this vulnerability, they must be able to send requests to Apache Tomcat from within the network that it is running on. This limits its usefulness as a weapon against systems not connected to the internet, but makes it a potentially serious threat to systems that are accessible from outside networks.

Apache has released updates for both Tomcat 9 and Tomcat 8 that address this vulnerability. Organizations using these versions of Tomcat are advised to apply these updates as soon as possible.

How to Protect Your Apache Tomcat Server from Attack

If you are running an Apache Tomcat server, it is important to take measures to protect it from attack. Here are some tips:

  1. Enable HTTP Authentication

One of the best ways to protect your Apache Tomcat server is to enable HTTP authentication. This will require users to provide a username and password before they can access any resources on your server.

  2. Use Firewalls

A firewall can help to protect your Apache Tomcat server from attack by blocking unauthorized access attempts. There are many different firewall options available, so be sure to choose one that fits your needs.

  3. Keep Your Server Up-To-Date

It is important to keep your Apache Tomcat server up-to-date with the latest security patches and updates. These updates often include security fixes that can help to protect your server from attack.

  4. Restrict Access to Your Server

It is a good idea to restrict access to your Apache Tomcat server as much as possible. This means only allowing authorized users access to the server and denying access to anyone who is not authorized.
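Steps 1 and 4 above can be enforced in a single place: the application's `WEB-INF/web.xml`. The fragment below is an added example, not configuration from the original post; it requires every request to carry valid credentials for a role named `app-user` (a placeholder name), rejects anything not sent over TLS, and uses HTTP Basic authentication against whatever Realm your `server.xml` defines (the realm name "Restricted" is also a placeholder).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0">

  <!-- Every URL in this application requires an authenticated user holding
       the "app-user" role (placeholder name), and must be reached over TLS.
       Requests that fail either check never reach application code. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL makes Tomcat redirect plain HTTP to the HTTPS connector -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- HTTP Basic authentication; credentials are checked by the Realm
       configured in server.xml (e.g. UserDatabaseRealm, JNDIRealm). -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Restricted</realm-name>
  </login-config>

  <!-- Declare the role so the container can map it to realm groups -->
  <security-role>
    <role-name>app-user</role-name>
  </security-role>
</web-app>
```

Restricting by source network (the other half of step 4) is done outside `web.xml`, for example with Tomcat's `RemoteAddrValve` in the application's `META-INF/context.xml`, with the host-based firewall from step 2 as a second layer.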
