CVE-2020-1938 - Tomcat Vulnerability "GhostCat" for VAIM
MS-ISAC ADVISORY NUMBER: 2020-028
DATE(S) ISSUED: 03/02/2020
A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)
Proof-of-concept code has been released to GitHub by multiple security researchers.
Apache Tomcat 9.x versions less than 9.0.31
Apache Tomcat 8.x versions less than 8.5.51
Apache Tomcat 7.x versions less than 7.0.100
Apache Tomcat 6.x versions (End of life, not patched)
Release: 12.9
Component: VPM GENERAL
RESOLUTION 1 (Disable Tomcat AJP Connector):
1. Stop CAAIPApache and CAAIPTomcat Services.
2. Close any open instances of the VAIM Manager.
3. Edit X:\CA\VirtualAssurance\tomcat\conf\server.xml.
4. Comment out this section as seen below:
5. Start CAAIPApache and CAAIPTomcat Services.
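As an added example (not part of this article or of VAIM), the Python script below checks a Tomcat server.xml for AJP connectors that are still active and applies Resolution 1 by commenting them out; the sample server.xml is constructed, and on a VAIM host the real file is X:\CA\VirtualAssurance\tomcat\conf\server.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not the VAIM file): an HTTP connector, a live
# AJP connector on 8009, and one AJP connector that is already commented out.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!-- <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# An uncommented, self-closing AJP <Connector .../> element, matching both
# spellings of the protocol attribute that Tomcat accepts.
AJP_CONNECTOR = re.compile(
    r'<Connector\b[^>]*?protocol="(?:AJP/|org\.apache\.coyote\.ajp\.)[^"]*"[^>]*?/>',
    re.IGNORECASE | re.DOTALL,
)

def active_ajp_connectors(server_xml):
    """Return the AJP connectors Tomcat would actually start.
    ElementTree discards XML comments, so a connector already commented out
    (Resolution 1) is not reported. No 'address' attribute means the listener
    is reachable on every interface, which is the exposure GhostCat needs."""
    found = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        if proto.upper().startswith("AJP/") or ".ajp." in proto:
            found.append({"port": conn.get("port"),
                          "address": conn.get("address", "<all interfaces>"),
                          "secretRequired": conn.get("secretRequired")})
    return found

def comment_out_ajp(server_xml):
    """Wrap every still-active AJP connector in an XML comment (Resolution 1).
    Existing comments are split out first so an already disabled connector is
    not wrapped again: a nested '--' would make server.xml invalid XML."""
    parts = re.split(r"(<!--.*?-->)", server_xml, flags=re.DOTALL)
    for i, part in enumerate(parts):
        if not part.startswith("<!--"):
            parts[i] = AJP_CONNECTOR.sub(lambda m: "<!-- " + m.group(0) + " -->", part)
    return "".join(parts)
```

Run `active_ajp_connectors` on the real file before and after editing to confirm nothing on port 8009 is left listening; the HTTP connector is untouched.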
RESOLUTION 2 (Upgrade VAIM Tomcat instance to 7.0.100):
1. Close VAIM Manager.
2. Stop CAAIPTomcat.
3. IMPORTANT: Take a FULL backup copy of the X:\CA\VirtualAssurance\tomcat folder so that you can revert if there are any issues with the Tomcat update.
4. Overwrite the Bin and Lib folders in X:\CA\VirtualAssurance\tomcat with Bin and Lib folders included in the zip attached to this article.
5. Start CAAIPTomcat.
The latest and final release of Tomcat 7 is 7.0.109; it can be used in place of 7.0.100 where newer vulnerabilities make that appropriate.