CVE-2020-1938 - Tomcat Vulnerability "GhostCat" for VAIM

==========================

MS-ISAC ADVISORY NUMBER: 2020-028

DATE(S) ISSUED: 03/02/2020

SUBJECT:

A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)

THREAT INTELLIGENCE:

Proof-of-concept code has been released to GitHub by multiple security researchers.

SYSTEMS AFFECTED:

Apache Tomcat 9.x versions less than 9.0.31
Apache Tomcat 8.x versions less than 8.5.51
Apache Tomcat 7.x versions less than 7.0.100
Apache Tomcat 6.x versions (End of life, not patched)

==========================

Release : 12.9

Component : VPM GENERAL

RESOLUTION 1 (Disable Tomcat AJP Connector):

1. Stop CAAIPApache and CAAIPTomcat Services.
2. Close any open instances of the VAIM Manager.
3. Edit the X:\CA\VirtualAssurance\tomcat\conf\server.xml
4. Comment out this section as seen below:



5. Start CAAIPApache and CAAIPTomcat Services.

RESOLUTION 2 (Upgrade VAIM Tomcat instance to 7.0.100):

1. Close VAIM Manager.
2. Stop CAAIPTomcat.
3. IMPORTANT:  Take a FULL Backup copy of the X:\CA\VirtualAssurance\tomcat folder so you have a means to revert if there are any issues with the Tomcat update.
4. Overwrite the Bin and Lib folders in X:\CA\VirtualAssurance\tomcat with Bin and Lib folders included in the zip attached to this article.
5. Start CAAIP Tomcat.

The latest and last version of Tomcat 7 is 7.0.109 - This can be used as appropriate for newer vulnerabilities as applicable.

https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.109/bin/