Apache Tomcat remote code execution vulnerability

Cyber forensics course experts from the International Institute of Cyber Security (IICS) report that the Apache Software Foundation (ASF) is releasing new versions of Tomcat, its application server. According to the experts, the releases address a vulnerability that would allow a remote hacker to execute malicious code and take control of the compromised server.

Tomcat is developed by ASF; it is an open source web server and servlet container that implements several Java specifications, such as Java Servlet, JavaServer Pages, and Expression Language, to provide an HTTP server environment in which Java code can run.

The remote code execution vulnerability (identified as CVE-2019-0232) resides in the Common Gateway Interface (CGI) Servlet when Tomcat runs on Windows with enableCmdLineArguments enabled. It occurs because of an error in how the Java runtime environment passes command-line arguments to Windows, the cyber forensics course specialists reported.

The remote code execution vulnerability has been rated ‘important, but not critical’ because both the CGI Servlet and the enableCmdLineArguments option are disabled by default in Apache Tomcat versions 9.0.x. In addition, ASF reported that, as a security measure, the enableCmdLineArguments option of the CGI Servlet will be disabled by default in all versions of Apache Tomcat.

Cyber forensics specialists mention that, if successfully exploited, this vulnerability would allow a threat actor to execute arbitrary commands on a targeted Windows server running a vulnerable version of Apache Tomcat, which could completely compromise the attacked server.

ASF mentions that Tomcat security managers received the vulnerability report in early March; the vulnerability was publicly disclosed in recent days, after Apache published the corresponding update patches.

ASF has recommended that administrators install these fixes as soon as possible; if it is not possible to update the systems immediately, administrators should ensure that the CGI Servlet initialization parameter enableCmdLineArguments is set to false.
