CVE-2020-1938 - Tomcat Vulnerability "GhostCat" for VAIM
==========================
MS-ISAC ADVISORY NUMBER: 2020-028
DATE(S) ISSUED: 03/02/2020
SUBJECT:
A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)
THREAT INTELLIGENCE:
Proof-of-concept code has been released to GitHub by multiple security researchers.
SYSTEMS AFFECTED:
Apache Tomcat 9.x versions less than 9.0.31
Apache Tomcat 8.x versions less than 8.5.51
Apache Tomcat 7.x versions less than 7.0.100
Apache Tomcat 6.x versions (End of life, not patched)
==========================
Release : 12.9
Component : VPM GENERAL
RESOLUTION 1 (Disable Tomcat AJP Connector):
1. Stop CAAIPApache and CAAIPTomcat Services.
2. Close any open instances of the VAIM Manager.
3. Edit the X:\CA\VirtualAssurance\tomcat\conf\server.xml
4. Comment out the AJP connector element (the `<Connector ... protocol="AJP/1.3" ... />` entry) by wrapping it in an XML comment (`<!-- ... -->`), so that Tomcat no longer opens the AJP listener.
5. Start CAAIPApache and CAAIPTomcat Services.
RESOLUTION 2 (Upgrade VAIM Tomcat instance to 7.0.100):
1. Close VAIM Manager.
2. Stop CAAIPTomcat.
3. IMPORTANT: Take a FULL Backup copy of the X:\CA\VirtualAssurance\tomcat folder so you have a means to revert if there are any issues with the Tomcat update.
4. Replace the Bin and Lib folders in X:\CA\VirtualAssurance\tomcat with the Bin and Lib folders included in the zip attached to this article. The conf folder (including server.xml) is left in place, so any AJP connector still defined there remains configured after the upgrade.
5. Start CAAIPTomcat.
Tomcat 7 reached end of life in March 2021 and 7.0.109 is its final release; it can be used in place of 7.0.100 where fixes for vulnerabilities published after GhostCat are required, but no further 7.x fixes will be issued.
https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.109/bin/
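Neither resolution above includes a check that it actually took effect. The following Python script is an added example (not part of this article or of the CA product) that verifies both: it lists the AJP connectors still active in server.xml (an element that was commented out under Resolution 1 does not count), and it reads the installed Tomcat version from lib\catalina.jar to compare it with the fixed releases listed in the advisory. The sample server.xml and the in-memory catalina.jar are constructed here; port 8009 is Tomcat's default AJP port and the connector in a real VAIM server.xml may differ. One caveat worth knowing after Resolution 2: from 7.0.100 onward an AJP connector requires a `secret` attribute (or `secretRequired="false"`) or it will not start, and it binds to the loopback address by default rather than all interfaces, so the script also reports whether each remaining connector carries a secret.

```python
"""Post-remediation checks for CVE-2020-1938 (GhostCat) on a Tomcat instance.

Added example, not part of the CA/VAIM article. The path
X:\\CA\\VirtualAssurance\\tomcat is taken from the article; the sample
server.xml and the jar built below are constructed for illustration.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Earliest release in each supported branch that fixes CVE-2020-1938
# (figures from the MS-ISAC advisory quoted above).
FIXED_IN = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}


def find_ajp_connectors(server_xml: str) -> list:
    """Return the AJP <Connector> elements still active in server.xml.

    ElementTree drops XML comments, so a connector that was commented out
    (Resolution 1) does not appear in the result.
    """
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue
        found.append({
            "port": conn.get("port"),
            # Before 7.0.100 a missing address attribute means all interfaces.
            "address": conn.get("address", "0.0.0.0"),
            # 7.0.100+ will not start an AJP connector without a secret unless
            # secretRequired="false" is set explicitly.
            "has_secret": bool(conn.get("secret")),
        })
    return found


def parse_version(version: str) -> tuple:
    """'7.0.100' or '7.0.100.0' (server.number) -> (7, 0, 100)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    return tuple(int(p) for p in m.groups())


def tomcat_version(catalina_jar) -> str:
    """Read server.number from lib/catalina.jar (a path or a file-like object)."""
    with zipfile.ZipFile(catalina_jar) as jar:
        props = jar.read("org/apache/catalina/util/ServerInfo.properties").decode("utf-8")
    for line in props.splitlines():
        if line.startswith("server.number="):
            return line.split("=", 1)[1].strip()
    raise ValueError("server.number not found in ServerInfo.properties")


def is_ghostcat_fixed(version: str):
    """True if patched, False if vulnerable, None if the advisory does not
    cover this branch (for example Tomcat 10)."""
    v = parse_version(version)
    if v[0] == 6:
        return False  # end of life, never patched
    fixed = FIXED_IN.get(v[0])
    if fixed is None:
        return None
    return v >= fixed


# Constructed server.xml in the shape Tomcat ships: one HTTP connector and an
# AJP connector on the default port with no address restriction.
SERVER_XML_BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# The same file after Resolution 1: the AJP connector wrapped in an XML comment.
SERVER_XML_AFTER = SERVER_XML_BEFORE.replace(
    '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />',
    '<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->',
)


def fake_catalina_jar(server_number: str) -> io.BytesIO:
    """Constructed in-memory stand-in for lib\\catalina.jar holding only
    ServerInfo.properties with the given server.number."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        info = server_number.rsplit(".", 1)[0]
        jar.writestr(
            "org/apache/catalina/util/ServerInfo.properties",
            f"server.info=Apache Tomcat/{info}\nserver.number={server_number}\n",
        )
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print("active AJP connectors before:", find_ajp_connectors(SERVER_XML_BEFORE))
    print("active AJP connectors after: ", find_ajp_connectors(SERVER_XML_AFTER))
    # On a real host pass the path instead: tomcat_version(r"X:\CA\VirtualAssurance\tomcat\lib\catalina.jar")
    for num in ("7.0.99.0", "7.0.100.0", "7.0.109.0", "6.0.53.0"):
        ver = tomcat_version(fake_catalina_jar(num))
        print(ver, "fixed" if is_ghostcat_fixed(ver) else "VULNERABLE")
```

On a VAIM host, run the two checks against the live files: `find_ajp_connectors(open(r"X:\CA\VirtualAssurance\tomcat\conf\server.xml").read())` should return an empty list after Resolution 1, and `is_ghostcat_fixed(tomcat_version(r"X:\CA\VirtualAssurance\tomcat\lib\catalina.jar"))` should return True after Resolution 2. A connector reported with `has_secret` False on a 7.0.100+ instance will not come up unless a secret is added or `secretRequired="false"` is set.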