Apache Tomcat Vulnerability Exploited in the Wild
Vulnerability Details
The affected versions include:
- Apache Tomcat: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0-M1 to 9.0.98.
Respective fixed versions include:
- 11.0.3 or later
- 10.1.35 or later
- 9.0.99 or later
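The ranges above mix milestone builds (e.g. 11.0.0-M1) with GA releases, so a naive string comparison gets the boundaries wrong. The following checker is an added example, not code from the article or from the Apache Tomcat project; it encodes the affected and fixed versions exactly as listed above and treats a milestone as preceding its GA release. The `version_from_banner` helper assumes the `Server version: Apache Tomcat/x.y.z` line that Tomcat's `version.sh` prints.

```python
import re
from typing import Optional, Tuple

# Affected ranges and first fixed versions, as listed in the advisory text.
# Each entry: (first affected, last affected, first fixed).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2", "11.0.3"),
    ("10.1.0-M1", "10.1.34", "10.1.35"),
    ("9.0.0-M1", "9.0.98", "9.0.99"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Server version:\s*Apache Tomcat/(\S+)")


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn a Tomcat version string into a sortable tuple.

    Milestones (11.0.0-M1, 11.0.0-M2, ...) precede the GA release 11.0.0, so
    the tuple carries a release flag (0 = milestone, 1 = GA) ahead of the
    milestone number: (major, minor, patch, is_ga, milestone).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def check_tomcat_version(version: str) -> Optional[str]:
    """Return the first fixed version to upgrade to if `version` falls in an
    affected range, or None if it is outside every affected range."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= v <= parse_version(last):
            return fixed
    return None


def version_from_banner(output: str) -> Optional[str]:
    """Extract the version from the `Server version:` line of `version.sh`.

    Assumption: the banner format is 'Server version: Apache Tomcat/9.0.98'.
    """
    m = _BANNER_RE.search(output)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed banner, as version.sh would print it on an affected build.
    banner = "Server version: Apache Tomcat/9.0.98"
    current = version_from_banner(banner)
    fixed = check_tomcat_version(current)
    if fixed:
        print(f"Tomcat {current} is affected; upgrade to {fixed} or later")
    else:
        print(f"Tomcat {current} is outside the affected ranges")
```

Run it against the output of `bin/version.sh` on each host; a non-empty return from `check_tomcat_version` is the upgrade target. Versions from other branches (8.5.x, for instance) return None simply because the article lists no range for them, not because they are known to be safe.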
Discovery and Distribution of the Exploit
Wallarm detected the first attack coming from Poland on March 12, a few days before the first public exploit was released on GitHub.
How the Vulnerability Works
“While this exploit abuses session storage, the bigger issue is partial PUT handling in Tomcat, which allows uploading practically any file anywhere,” Wallarm said in the blog.
“Attackers will soon start shifting their tactics, uploading malicious JSP files, modifying configurations, and planting backdoors outside session storage.”
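Because the root issue is partial PUT handling, a defender's first question is whether any client has sent partial PUTs to a Tomcat instance at all. The scanner below is an added example, not code from the article or from Wallarm; it assumes an AccessLogValve pattern of `%h %t "%r" %s %b "%{Content-Range}i"`, which is not Tomcat's default, so that the request's Content-Range header (the marker of a partial PUT) appears in the log. The sample log lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumed access-log layout (not Tomcat's default). With the AccessLogValve
# pattern  %h %t "%r" %s %b "%{Content-Range}i"  the Content-Range request
# header is written as the last quoted field; without it a partial PUT cannot
# be told apart from a full PUT in the access log.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<content_range>[^"]*)"$'
)


@dataclass
class Finding:
    host: str
    time: str
    path: str
    status: int
    partial: bool     # Content-Range header present: a partial PUT
    jsp_target: bool  # the uploaded path would be executed as a JSP


def scan_access_log(lines: Iterable[str]) -> List[Finding]:
    """Record every PUT in the log, marking partial PUTs and .jsp targets."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "PUT":
            continue
        content_range = m["content_range"]
        findings.append(Finding(
            host=m["host"],
            time=m["time"],
            path=m["path"],
            status=int(m["status"]),
            partial=content_range not in ("", "-"),
            jsp_target=m["path"].lower().endswith(".jsp"),
        ))
    return findings


def suspicious(findings: Iterable[Finding]) -> List[Finding]:
    """Partial PUTs are rare in legitimate traffic; a JSP upload target is
    worth a look regardless of whether the PUT was partial."""
    return [f for f in findings if f.partial or f.jsp_target]


# Constructed sample log lines in the assumed pattern (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 [01/Jan/2000:10:15:22 +0000] "GET /index.html HTTP/1.1" 200 1024 "-"',
    '203.0.113.7 [01/Jan/2000:10:15:23 +0000] "PUT /uploads/report.txt HTTP/1.1" 201 0 "-"',
    '198.51.100.9 [01/Jan/2000:10:16:01 +0000] "PUT /docs/upload.jsp HTTP/1.1" 201 0 "bytes 0-9/10"',
]

if __name__ == "__main__":
    for f in suspicious(scan_access_log(SAMPLE_LOG)):
        kind = "partial PUT" if f.partial else "PUT"
        print(f"{f.time} {f.host} {kind} -> {f.path} (HTTP {f.status})")
```

A hit on a vulnerable version is a reason to inspect the target path on disk and the server's session storage, not proof of compromise on its own; a PUT that the server rejected still tells you someone probed the endpoint.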
Conclusion
The Apache Tomcat vulnerability has been exploited in the wild, and it is essential to take immediate action to protect your systems. Make sure to update your Tomcat version to the latest fixed version and take necessary security measures to prevent further exploitation.
What versions of Apache Tomcat are affected?
Affected versions include Apache Tomcat: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0-M1 to 9.0.98.
What are the fixed versions of Apache Tomcat?
Respective fixed versions include 11.0.3 or later, 10.1.35 or later, and 9.0.99 or later.
How did the vulnerability get discovered?
Wallarm detected the first attack coming from Poland on March 12, a few days before the first public exploit was released on GitHub.
How does the vulnerability work?
The vulnerability allows attackers to upload practically any file anywhere, which can lead to the uploading of malicious JSP files, modifying configurations, and planting backdoors outside session storage.
What should I do to protect my systems?
Make sure to update your Tomcat version to the latest fixed version and take necessary security measures to prevent further exploitation.