Apache Tomcat servers launched within the final 13 years are weak to a bug named Ghostcat that may enable hackers to take over unpatched techniques. From a report: Found by Chinese language cybersecurity agency Chaitin Tech, Ghostcat is a flaw within the Tomcat AJP protocol. AJP stands for Apache JServ Protocol and is a performance-optimized model of the HTTP protocol in binary format. Tomcat makes use of AJP to alternate knowledge with close by Apache HTTPD internet servers or different Tomcat situations. Tomcat’s AJP connector is enabled by default on all Tomcat servers and listens on the server’s port 8009. Chaitin researchers say they found a bug in AJP that may be exploited to both learn or write recordsdata to a Tomcat server.
