Our internal 3rd Party Vulnerability team detected a vulnerability in Ghostcat on the OM Web Viewer Servers. Please provide information to remediate this issue or guidance on the remediation.
The threat indicates that Apache Tomcat® fixed a vulnerability that allows an attacker to read any file in the web applications. If the Apache Tomcat® instance supports file uploads, the vulnerability could also be leveraged to achieve remote code execution. It is also known as 'Ghostcat'.
Affected versions are:
Apache Tomcat® 9.0.0 through 9.0.30
Apache Tomcat® 8.5.0 through 8.5.50
Apache Tomcat® 7.0.0 through 7.0.99
QID Detection Logic (Unauthenticated)
The QID sends an AJP request targeting the web.xml file. Note: Apache Tomcat® versions 8.0.x were also found to be affected during investigation.
Remediation Notes: Updated versions of Apache Tomcat® are available that fix these vulnerabilities. The workaround is to temporarily disable the AJP connector port.
Patches are already available on the Apache Tomcat® website.
Output Management Web Viewer 12.1
Apache Tomcat®
Workaround
Comment out the AJP 1.3 connector in Tomcat's server.xml so that the whole <Connector> element sits between <!-- and --> (the markers on the right show where the comment starts and ends):

<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--                                             <== start of comment
<Connector protocol="AJP/1.3"
           address="::1"
           port="8009"
           redirectPort="8443" />
-->                                              <== end of comment
Note the solutions are the same for all platforms.
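The following verification script is an added example and is not part of this article or of the Output Management Web Viewer product. It checks the two things the article asks you to act on: whether the installed Tomcat version falls in one of the affected ranges listed above, and whether an AJP connector is still active in the configuration after the workaround. It assumes the configuration text comes from Tomcat's conf/server.xml and that the version string is obtained separately from the installation; the server.xml fragments embedded below are constructed for the example.

```python
"""Verification helper for the Ghostcat (AJP) remediation described above.

Assumptions (not from the article): the Tomcat configuration text is read from
conf/server.xml, and the version string is obtained from the installed Tomcat.
"""
import xml.etree.ElementTree as ET

# Affected ranges as listed in the advisory text: (major, minor) -> (first, last) patch level.
# The 8.0.x line is included because the advisory notes it was found affected during investigation.
AFFECTED = {
    (9, 0): (0, 30),
    (8, 5): (0, 50),
    (8, 0): (0, float("inf")),
    (7, 0): (0, 99),
}


def parse_version(version):
    """Turn '9.0.30' into (9, 0, 30); missing components are treated as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(version):
    """True when the version lies inside one of the advisory's affected ranges."""
    major, minor, patch = parse_version(version)
    bounds = AFFECTED.get((major, minor))
    if bounds is None:
        return False
    low, high = bounds
    return low <= patch <= high


def active_ajp_connectors(server_xml):
    """Return every Connector still in effect whose protocol is AJP.

    ElementTree's default parser discards XML comments, so a connector that has
    been commented out as in the workaround does not appear in the result."""
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol.upper().startswith("AJP"):
            found.append({
                "port": conn.get("port"),
                "address": conn.get("address"),  # None means bound to all interfaces
            })
    return found


def ghostcat_findings(version, server_xml):
    """List the remediation items still open for this version and configuration."""
    findings = []
    if is_affected_version(version):
        findings.append(f"Tomcat {version} is in an affected range; upgrade to a fixed release")
    for conn in active_ajp_connectors(server_xml):
        where = conn["address"] or "all interfaces"
        findings.append(f"AJP connector active on port {conn['port']} ({where}); disable it until patched")
    return findings


# Constructed server.xml fragments (not from the article): before and after the workaround.
BEFORE_WORKAROUND = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" />
  </Service>
</Server>
"""

AFTER_WORKAROUND = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" />
    -->
  </Service>
</Server>
"""

if __name__ == "__main__":
    for label, xml_text in (("before", BEFORE_WORKAROUND), ("after", AFTER_WORKAROUND)):
        print(label, ghostcat_findings("9.0.30", xml_text))
```

Running it against the "after" fragment with an affected version still reports the version finding: commenting out the connector removes the exposed AJP port, but the article's remediation remains upgrading to a fixed Apache Tomcat® release.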