DETECTION OVERVIEW
Risk Factors
Apache Tomcat vulnerabilities are well known, and an unauthenticated attacker can easily reach servers exposed to the internet. An attacker can steal sensitive information, gain control of a device, or launch additional attacks on the network.
Kill Chain
Risk Score: 83
Apache Tomcat is an open-source implementation of a Java servlet container for hosting web applications; it enables Java code to run on a server. Vulnerabilities in Tomcat allow an attacker to upload a malicious JavaServer Pages (JSP) file, using a script or a command-line tool, through a modified URL. The attacker then runs the script by requesting the URL of the malicious JSP file. Depending on the sophistication of the payload, the attacker might be able to exfiltrate data or use a web shell to run commands on the server.
Install patches for relevant versions, or make the following configuration changes:
Configure default settings in conf/web.xml to disable the HTTP PUT method
Set the default servlet's readonly init-param in conf/web.xml to true
Enforce authentication roles in conf/web.xml by adding an <auth-constraint> to the relevant security constraint
Confirm that application-level settings in WEB-INF/web.xml do not override default Tomcat configurations
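The two conf/web.xml checks above, as an added example that is not part of this page or of Tomcat: a small Python audit that parses web.xml and reports whether the default servlet still carries readonly=false and whether any security constraint with an <auth-constraint> covers HTTP PUT. The sample configurations are constructed, and the empty <auth-constraint/> form is the standard servlet-spec way to deny a method to every caller.

```python
import xml.etree.ElementTree as ET

def _children(elem, name):
    # Match on the local tag name so the Tomcat 7-10 web.xml namespaces all work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml_text):
    """Return findings for the two conf/web.xml checks; an empty list means both pass."""
    root = ET.fromstring(xml_text)
    findings = []
    for servlet in _children(root, "servlet"):
        if _text(servlet, "servlet-name") != "default":
            continue  # only the DefaultServlet honours the readonly init-param
        for param in _children(servlet, "init-param"):
            if _text(param, "param-name") == "readonly" and _text(param, "param-value").lower() == "false":
                findings.append("DefaultServlet readonly=false: PUT/DELETE can write files into the webapp")
    # A constraint only counts if it names PUT and carries an <auth-constraint>
    # (an empty <auth-constraint/> denies the listed methods to everyone).
    put_constrained = any(
        "PUT" in {(m.text or "").strip().upper() for m in _children(wrc, "http-method")}
        for sc in _children(root, "security-constraint") if _children(sc, "auth-constraint")
        for wrc in _children(sc, "web-resource-collection"))
    if not put_constrained:
        findings.append("no <security-constraint> with <auth-constraint> covers HTTP PUT")
    return findings

# Constructed samples, not Tomcat's shipped conf/web.xml.
WEAK_WEB_XML = """<web-app><servlet><servlet-name>default</servlet-name>
<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""

HARDENED_WEB_XML = """<web-app><servlet><servlet-name>default</servlet-name>
<init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
</servlet>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>deny file writes</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method><http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint></web-app>"""
```

Running audit_web_xml(WEAK_WEB_XML) yields both findings; the hardened sample yields none. Because WEB-INF/web.xml can override conf/web.xml, run the same audit on each application's descriptor as well.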