CVE-2020-1938 - Tomcat Vulnerability "GhostCat" for VAIM

Article ID: 185675

Products

CA Virtual Assurance for IM

Issue/Introduction

CVE-2020-1938 - Tomcat Vulnerability "GhostCat" for VAIM

==========================

MS-ISAC ADVISORY NUMBER: 2020-028

DATE(S) ISSUED: 03/02/2020

SUBJECT:

A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)

THREAT INTELLIGENCE:

Proof-of-concept code has been released to GitHub by multiple security researchers.

SYSTEMS AFFECTED:

Apache Tomcat 9.x versions less than 9.0.31
Apache Tomcat 8.x versions less than 8.5.51
Apache Tomcat 7.x versions less than 7.0.100
Apache Tomcat 6.x versions (End of life, not patched)

==========================

Environment

Release : 12.9

Component : VPM GENERAL

Resolution

RESOLUTION 1 (Disable Tomcat AJP Connector):

1. Stop CAAIPApache and CAAIPTomcat Services.
2. Close any open instances of the VAIM Manager.
3. Edit the X:\CA\VirtualAssurance\tomcat\conf\server.xml

4. Comment out this section as seen below:



5. Start CAAIPApache and CAAIPTomcat Services.
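The following PowerShell script is an added example that is not part of this article; it carries out Resolution 1 end to end and adds two checks a practitioner would want: a timestamped backup of server.xml before editing, and a confirmation after restart that the AJP port no longer listens. It assumes the X: install drive used in the steps above, that the service names are CAAIPApache and CAAIPTomcat as stated, and that the AJP connector uses Tomcat's default port 8009 (the article does not state the port; adjust `$AjpPort` if the connector in your server.xml uses another).

```powershell
# Added example, not from the Broadcom article: disable the Tomcat AJP connector (CVE-2020-1938).
# Assumptions: install drive X: (from the article); AJP port 8009 (Tomcat default, not stated in the article).
$ErrorActionPreference = 'Stop'
$TomcatHome = 'X:\CA\VirtualAssurance\tomcat'
$ServerXml  = Join-Path $TomcatHome 'conf\server.xml'
$Services   = @('CAAIPApache', 'CAAIPTomcat')   # service names from the article
$AjpPort    = 8009                               # assumed: Tomcat default AJP port

# Step 1: stop the Apache and Tomcat services (close the VAIM Manager GUI first, step 2).
foreach ($svc in $Services) { Stop-Service -Name $svc }

# Step 3: keep a dated copy of server.xml so the change can be reverted.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item -Path $ServerXml -Destination "$ServerXml.$stamp.bak"

# Step 4: replace every AJP <Connector> element with an XML comment holding the original element.
# PreserveWhitespace keeps the file's existing layout and comments intact on save.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($ServerXml)

# Matches protocol="AJP/1.3" as well as the explicit org.apache.coyote.ajp.* class names.
$ajpNodes = @($doc.SelectNodes('//Connector[starts-with(@protocol,"AJP") or contains(@protocol,".ajp.")]'))
if ($ajpNodes.Count -eq 0) {
    Write-Host 'No AJP connector found in server.xml; nothing to change.'
}
foreach ($node in $ajpNodes) {
    $comment = $doc.CreateComment(" Disabled for CVE-2020-1938 (GhostCat): $($node.OuterXml) ")
    [void]$node.ParentNode.ReplaceChild($comment, $node)
    Write-Host "Commented out: $($node.OuterXml)"
}
$doc.Save($ServerXml)

# Step 5: start the services again.
foreach ($svc in $Services) { Start-Service -Name $svc }

# Check: after Tomcat has had time to bind its connectors, the AJP port must not be listening.
Start-Sleep -Seconds 20
$ajpListener = Get-NetTCPConnection -State Listen -LocalPort $AjpPort -ErrorAction SilentlyContinue
if ($ajpListener) {
    Write-Warning "Port $AjpPort is still listening; check server.xml for another AJP connector."
} else {
    Write-Host "AJP port $AjpPort is closed; the connector is disabled."
}
```

Run the script in an elevated PowerShell session on the VAIM server. Replacing the element with a comment, rather than deleting it, keeps the original connector definition in server.xml so it can be restored after upgrading Tomcat if AJP is ever needed again.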

RESOLUTION 2 (Upgrade VAIM Tomcat instance to 7.0.100):

1. Close VAIM Manager.
2. Stop CAAIPTomcat.
3. IMPORTANT: Take a FULL backup copy of the X:\CA\VirtualAssurance\tomcat folder so you have a means to revert if there are any issues with the Tomcat update.
4. Overwrite the Bin and Lib folders in X:\CA\VirtualAssurance\tomcat with the Bin and Lib folders included in the zip attached to this article.
5. Start CAAIPTomcat.
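The following PowerShell script is an added example that is not part of this article; it performs Resolution 2 with the full backup the steps call for and adds a check the steps do not include: before Tomcat is started, it reads the version string from the replaced catalina.jar and refuses to continue unless it reports 7.0.100. It assumes the X: install drive from the steps above, that the attached zip has already been extracted to a staging folder (`$Staging`, an assumed path), and that catalina.jar contains Tomcat's standard `org/apache/catalina/util/ServerInfo.properties` entry.

```powershell
# Added example, not from the Broadcom article: upgrade the VAIM Tomcat bin/lib folders to 7.0.100.
# Assumptions: install drive X: (from the article); the attached zip is extracted to $Staging (assumed path).
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression.FileSystem

$TomcatHome = 'X:\CA\VirtualAssurance\tomcat'
$Staging    = 'X:\Temp\vaim-apache-tomcat-7.0.100'   # assumed: where the attached zip was extracted
$Expected   = 'Apache Tomcat/7.0.100'

# Reads server.info from ServerInfo.properties inside catalina.jar (standard Tomcat layout).
function Get-TomcatVersion {
    param([string]$CatalinaJar)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($CatalinaJar)
    try {
        $entry = $zip.GetEntry('org/apache/catalina/util/ServerInfo.properties')
        if (-not $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try {
            $line = ($reader.ReadToEnd() -split "`r?`n") |
                Where-Object { $_ -match '^server\.info=' } | Select-Object -First 1
            if ($line) { return ($line -replace '^server\.info=', '').Trim() }
            return $null
        } finally { $reader.Dispose() }
    } finally { $zip.Dispose() }
}

# Step 2: stop Tomcat (close the VAIM Manager GUI first, step 1).
Stop-Service -Name CAAIPTomcat

# Step 3: full backup of the tomcat folder, kept beside it with a timestamp.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$TomcatHome.backup-$stamp"
Copy-Item -Path $TomcatHome -Destination $backup -Recurse
Write-Host "Backup written to $backup (current version: $(Get-TomcatVersion (Join-Path $TomcatHome 'lib\catalina.jar')))"

# Step 4: overwrite bin and lib with the folders from the extracted zip.
foreach ($dir in 'bin', 'lib') {
    $src = Join-Path $Staging $dir
    if (-not (Test-Path $src)) { throw "Missing $src; extract the attached zip to $Staging first." }
    Copy-Item -Path $src -Destination $TomcatHome -Recurse -Force
}

# Check: the replaced catalina.jar must report the expected version before Tomcat is started.
$version = Get-TomcatVersion (Join-Path $TomcatHome 'lib\catalina.jar')
if ($version -ne $Expected) {
    throw "Unexpected Tomcat version '$version' after copy; restore from $backup and investigate."
}

# Step 5: start Tomcat.
Start-Service -Name CAAIPTomcat
Write-Host "Tomcat upgraded and running: $version"
```

Run the script in an elevated PowerShell session. If the version check fails, the backup folder written in step 3 can be copied back over X:\CA\VirtualAssurance\tomcat before starting CAAIPTomcat; running `Get-TomcatVersion` against the backup's catalina.jar confirms which version is being restored.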

Attachments

1583418284597__vaim-apache-tomcat-7.0.100-windows-x86.zip