
What is the threat?

A remote code execution vulnerability was discovered in the Apache Tomcat application server software – CVE-2019-0232. The Common Gateway Interface (CGI) servlet that this vulnerability affects is disabled by default, which is why the severity of this threat was set to “important” rather than “critical”. The flaw was discovered earlier this month, and updates have since been released to patch this vulnerability.

Why is this noteworthy?

This vulnerability gives malicious actors the ability to remotely execute code and take control of a vulnerable server that has the CGI servlet enabled. If a malicious actor takes control of your server, all the data and essential information on that server can be compromised. The widely known Equifax data breach was also influenced by a vulnerability in a version of Apache server that had not been updated to the patched version.

What is the exposure or risk?

Exploitation of this vulnerability will allow the attacker to execute code remotely. Data breach and loss of sensitive information are the other main risks associated with this vulnerability.

What can you do?

SkOUT Secure Intelligence recommends immediately updating to the latest patched version of the Apache Tomcat application server. We also recommend verifying that the default enableCmdLineArguments option is disabled.

Affected Versions:

• Apache Tomcat 9.0.0.M1 to 9.0.17

• Apache Tomcat 8.5.0 to 8.5.39

• Apache Tomcat 7.0.0 to 7.0.93

Patched Versions:

• Apache Tomcat 9.0.18 and later

• Apache Tomcat 8.5.40 and later

• Apache Tomcat 7.0.94 and later
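
The two checks recommended above, comparing the installed version with the affected ranges and confirming the CGI servlet's enableCmdLineArguments setting, can be automated. The following Python script is an added example, not code from SkOUT or the Apache Tomcat project; the function names and the sample web.xml are constructed for illustration, and it assumes a missing enableCmdLineArguments parameter should be treated as not disabled.

```python
import re
import xml.etree.ElementTree as ET

# Last affected patch level per branch, taken from the "Affected Versions" list.
LAST_AFFECTED = {(9, 0): 17, (8, 5): 39, (7, 0): 93}
CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"

# Constructed sample: a web.xml in which the CGI servlet has been enabled.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>"""

def is_affected(version):
    """True if a version such as '8.5.39' or '9.0.0.M1' is in an affected range."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    if len(nums) < 3:
        raise ValueError(f"unrecognised version: {version!r}")
    last = LAST_AFFECTED.get((nums[0], nums[1]))
    return last is not None and nums[2] <= last

def _children(elem):
    """Map child tag names (XML namespace stripped) to their trimmed text."""
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}

def audit_web_xml(xml_text):
    """Return (cgi_declared, cmdline_args_disabled) for a web.xml document."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] != "servlet":
            continue
        if _children(elem).get("servlet-class") != CGI_CLASS:
            continue
        params = {}
        for child in elem:
            if child.tag.rsplit("}", 1)[-1] == "init-param":
                kv = _children(child)
                params[kv.get("param-name")] = kv.get("param-value", "")
        # Assumption: an absent parameter is treated as not disabled (conservative).
        return True, params.get("enableCmdLineArguments", "").lower() == "false"
    return False, True  # CGI servlet not declared (commented-out XML is ignored)

if __name__ == "__main__":
    print("9.0.17 affected:", is_affected("9.0.17"))
    print("sample web.xml:", audit_web_xml(SAMPLE_WEB_XML))
```

Feed `audit_web_xml` the contents of Tomcat's conf/web.xml and of each deployed application's WEB-INF/web.xml, since a servlet can be declared in either place.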

References:

For more in-depth information about the recommendations, please visit the following links:

https://securityaffairs.co/wordpress/83879/security/apache-tomcat-application-server-rce.html

https://www.itpro.co.uk/security/33457/apache-fixes-dangerous-rce-flaw-in-tomcat-application-server

https://nvd.nist.gov/vuln/detail/CVE-2019-0232

For more information, please contact our Security Operations Center.



Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.
