
A serious vulnerability in Tomcat and how to fix it

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

This article explains in detail a serious vulnerability in Tomcat and how to fix it.

I. Vulnerability principle

The Apache Tomcat server contains a file inclusion vulnerability that an attacker can exploit to read or include any file under all webapp directories on Tomcat, such as webapp configuration files or source code.

The flaw lies in the AJP service (port 8009), which Tomcat enables by default: an attacker can construct a malicious request packet that performs a file inclusion operation and reads files in the web directory of the affected Tomcat server.

II. Vulnerability identifiers

According to available information, two identifiers are involved.

CVE-2020-1938

CNVD-2020-10487

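III. Affected versions

Apache Tomcat 6

Apache Tomcat 7 < 7.0.100

Apache Tomcat 8 < 8.5.51

Apache Tomcat 9 < 9.0.31

IV. Vulnerability details

First start the Apache Tomcat service; visiting localhost:8080 successfully shows the following page. From the figure above, we can determine the version number of the Tomcat instance. Then run a port scan against it with a vulnerability scanning tool, which finds that ports 8009 and 8080 are both open, proving that the vulnerability is present.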

Next, the attack can be demonstrated using scripts that others have published on GitHub. Two download addresses are listed below; you can choose either of them.

Poc1 download address: https://github.com/0nise/CVE-2020-1938

Poc2 download address: https://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi

After downloading, go to the folder and run the PoC from the command line, passing the URL as a parameter. Note that the PoC requires a Python 2 environment. Then execute the following command.

After successful execution, you can see that the file web.xml has been read. Other files under WEB-INF can be accessed as well, including your source files, JSP, HTML, .class files, etc.

V. Vulnerability remediation

1. Disable Tomcat's AJP protocol port by commenting out the AJP connector in the conf/server.xml configuration file.

2. Require authentication by setting the secretRequired and secret attributes in the AJP configuration.

3. Upgrade Tomcat to a version outside the affected ranges listed above.

That covers this serious Tomcat vulnerability and its fixes.
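A defensive check for the three fixes above, as an added example that is not part of the original article: it parses a conf/server.xml document, reports every active AJP connector that lacks secretRequired="true" and a secret, and tests a version string against the affected ranges listed earlier. The function names, the sample configuration and the policy of requiring both attributes explicitly are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# First unaffected releases per the affected-version list on this page.
# Tomcat 6 has no fixed release listed, so every 6.x counts as affected.
FIXED = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

def version_affected(version):
    """True if a version string such as '9.0.30' falls in the page's affected ranges."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    if parts[0] == 6:
        return True
    fixed = FIXED.get(parts[0])
    return fixed is not None and parts < fixed

def audit_ajp(server_xml):
    """Return one finding per active AJP connector in a server.xml document.

    Commented-out connectors are dropped by the XML parser, which matches fix 1.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # protocol may be "AJP/1.3" or a fully qualified AJP handler class name
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        issues = []
        if conn.get("secretRequired", "").lower() != "true":
            issues.append("secretRequired is not set to true")
        if not conn.get("secret"):
            issues.append("no secret configured")
        findings.append({"port": conn.get("port"), "issues": issues})
    return findings

# Constructed sample configuration (assumption; not taken from any real server).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" /> -->
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  <Connector port="8011" protocol="AJP/1.3" secretRequired="true" secret="CHANGE-ME" />
</Service></Server>"""

if __name__ == "__main__":
    for f in audit_ajp(SAMPLE):
        print(f["port"], "OK" if not f["issues"] else "; ".join(f["issues"]))
    print("9.0.30 affected:", version_affected("9.0.30"))
```

An empty result from audit_ajp means no AJP connector is active, which corresponds to fix 1.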
