On February 20, CNVD (the National Information Security Vulnerability Sharing Platform) announced that Apache Tomcat, the well-known web application server, had been found to contain a file inclusion vulnerability. An attacker can read files under the web application directory of an affected Apache Tomcat server without authorization, and in some configurations go further and execute arbitrary code, threatening information security. The vulnerability is expected to affect about 80000 servers around the world.
Apache Tomcat is a free, open-source web application server that is widely used by small and medium-sized enterprises and individual developers. Because of a file inclusion flaw in the AJP service (port 8009) that Tomcat opens by default, an attacker can craft a malicious AJP request to perform a file inclusion and read files under the web application directory of the affected Tomcat server. Reportedly, Apache Tomcat 6, Apache Tomcat 7 (below 7.0.100), Apache Tomcat 8 (below 8.5.51), Apache Tomcat 9 (below 9.0.31) and other versions are affected. According to the latest data from the Tencent security network asset risk detection system (Tencent Yuzhi), 38283 IP addresses in China expose the AJP protocol, and 80781 do so across the whole Internet. Enterprise network administrators can use the Tencent security network asset risk detection system to comprehensively check whether their network assets are affected by the vulnerability.
Apache has released new versions that fix the vulnerability: Apache Tomcat 7.0.100, Apache Tomcat 8.5.51 and Apache Tomcat 9.0.31. Experts from the Tencent Security Threat Intelligence Center advise users to upgrade to a fixed version as soon as possible. Users who cannot upgrade immediately and do not use the AJP protocol are advised to disable the AJP Connector outright, or to change its listening address so that it only binds to the local host. Users who do use the AJP protocol are advised to upgrade and then configure the AJP Connector's `secret` attribute to set authentication credentials for the AJP protocol; if an immediate upgrade is not possible, they should configure the AJP Connector's `requiredSecret` attribute to set those credentials.
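The mitigations above, shown as `conf/server.xml` connector fragments; this is a constructed example added here, not configuration from the article or from the Tomcat project, and the secret value is a placeholder to be replaced with a long random string.

```xml
<!-- Constructed example: Tomcat conf/server.xml fragments, not from the original article -->

<!-- BEFORE: the stock AJP connector. It listens on every interface with no shared
     secret, so any host that can reach TCP/8009 can speak AJP to this Tomcat. -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

<!-- AFTER (option 1): AJP is not needed at all. Remove or comment out the
     connector; Tomcat then serves only through its remaining HTTP connector(s). -->
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->

<!-- AFTER (option 2): AJP is needed by a reverse proxy on the same machine and
     Tomcat has been upgraded to 7.0.100 / 8.5.51 / 9.0.31 or later. Bind to the
     loopback address only and require a shared secret (secretRequired / secret). -->
<Connector port="8009" protocol="AJP/1.3"
           address="127.0.0.1"
           secretRequired="true"
           secret="REPLACE_WITH_LONG_RANDOM_SECRET"
           redirectPort="8443" />

<!-- AFTER (option 3): still on a pre-fix release that cannot be upgraded yet.
     Older releases name the attribute requiredSecret instead of secret; bind to
     the loopback address (or the proxy-facing interface) and set the secret. -->
<Connector port="8009" protocol="AJP/1.3"
           address="127.0.0.1"
           requiredSecret="REPLACE_WITH_LONG_RANDOM_SECRET"
           redirectPort="8443" />

<!-- The same secret must be configured on the proxy side, for example in a
     mod_jk workers.properties entry: worker.<name>.secret=REPLACE_WITH_LONG_RANDOM_SECRET -->
```

After restarting Tomcat, confirm with `ss -ltnp` (or `netstat -tlnp`) that port 8009 is either absent or bound to 127.0.0.1 rather than 0.0.0.0.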
Tencent Security has also launched an emergency response plan for this vulnerability and has pushed a security notice titled "Apache Tomcat file inclusion vulnerability" to government and enterprise users through its security products, reminding them to complete the fix as soon as possible and prevent possible attacks.
At the same time, the Tencent security advanced threat detection system (Tencent Royal) has been upgraded immediately to detect attacks that exploit this vulnerability.
In addition, the Tencent security network asset risk detection system (Tencent Yuzhi), a product that automatically discovers and identifies enterprise network assets and their risks, can help enterprise users run multiple asset risk checks, including weak password detection, web vulnerability scanning, illegal sensitive content detection, website defacement detection, and trojan and crypto-mining detection. Click "scan now" in the system's security notification message to comprehensively check the security status of the customer's assets.