What is the threat?
A remote code execution vulnerability was discovered in the Apache Tomcat application server software – CVE-2019-0232. The Common Gateway Interface (CGI) servlet that this vulnerability affects is disabled by default, which is why the severity of this threat was set to “important” rather than “critical”. The flaw was discovered earlier this month, and updates have since been released to patch this vulnerability.
Why is this noteworthy?
This vulnerability gives malicious actors the ability to remotely execute code and take control of a vulnerable server that has the CGI servlet enabled. If a malicious actor takes control of your server, all the data and essential information on that server can be compromised. The well-known Equifax data breach was also influenced by a vulnerability in a version of Apache server software that had not been updated to the patched version.
What is the exposure or risk?
Exploitation of this vulnerability will allow the attacker to execute code remotely. Data breach and loss of sensitive information are the other main risks associated with this vulnerability.
What can you do?
SkOUT Secure Intelligence recommends immediately updating to the latest patched version of the Apache Tomcat application server. We also recommend verifying that the enableCmdLineArguments option of the CGI servlet is disabled.
Affected Versions:
• Apache Tomcat 9.0.0.M1 to 9.0.17
• Apache Tomcat 8.5.0 to 8.5.39
• Apache Tomcat 7.0.0 to 7.0.93
Patched Versions:
• Apache Tomcat 9.0.18 and later
• Apache Tomcat 8.5.40 and later
• Apache Tomcat 7.0.94 and later
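Both recommendations above can be checked with a short script. The Python below is an added example, not part of the original advisory or of Apache's tooling: it tests a version string against the affected ranges listed here and inspects a web.xml for an enabled CGI servlet and its enableCmdLineArguments setting. The function names are hypothetical, the sample web.xml is constructed, and the servlet class name org.apache.catalina.servlets.CGIServlet is an assumption not stated on this page.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = [((9, 0, 0), (9, 0, 17)), ((8, 5, 0), (8, 5, 39)), ((7, 0, 0), (7, 0, 93))]
CGI_CLASS = "org.apache.catalina.servlets.CGIServlet"  # assumption: not named on the page
# Constructed sample web.xml: one commented-out CGI servlet, one enabled.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <!-- <servlet><servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class></servlet> -->
  <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
      <param-name>enableCmdLineArguments</param-name>
      <param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>"""

def parse_version(text):
    """'Apache Tomcat/9.0.0.M1' or '8.5.39' -> (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Tomcat version in {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace, keep the local name

def cgi_servlet_findings(web_xml):
    """Return (cgi_enabled, explicit enableCmdLineArguments value or None)."""
    root = ET.fromstring(web_xml)  # XML comments are dropped, so commented-out servlets are ignored
    for servlet in (e for e in root.iter() if _local(e.tag) == "servlet"):
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-class") != CGI_CLASS:
            continue
        for param in (c for c in servlet if _local(c.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "enableCmdLineArguments":
                return True, kv.get("param-value", "").lower()
        return True, None  # enabled, option not set explicitly
    return False, None

if __name__ == "__main__":
    print(is_affected("Apache Tomcat/8.5.39"), cgi_servlet_findings(SAMPLE_WEB_XML))
```

A result of (True, None) means the CGI servlet is enabled without an explicit setting, so the installed version's own default for enableCmdLineArguments applies.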
References:
For more in-depth information about the recommendations, please visit the following links:
https://securityaffairs.co/wordpress/83879/security/apache-tomcat-application-server-rce.html
https://www.itpro.co.uk/security/33457/apache-fixes-dangerous-rce-flaw-in-tomcat-application-server
https://nvd.nist.gov/vuln/detail/CVE-2019-0232
For more information, please contact our Security Operations Center.