apache-tomcat
Safeguard articles tagged "apache-tomcat" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Ghostcat: Apache Tomcat AJP File Read and RCE (CVE-2020-1938) Explained
CVE-2020-1938 turned Tomcat's default AJP connector into a file-disclosure and RCE primitive. Here's how the request-attribute abuse works and how to shut it down.
Ghostcat Apache Tomcat AJP file read/RCE (CVE-2020-1938)
CVE-2020-1938 'Ghostcat' exposes Apache Tomcat's AJP connector to file read and RCE. Here's the ghostcat tomcat AJP vulnerability impact and how to fix it.
CVE-2020-1938 (Ghostcat): File inclusion via Apache Tomca...
Ghostcat (CVE-2020-1938) let attackers read files—and often achieve RCE—via Tomcat's default, unauthenticated AJP connector. Here's the risk, fix, and KEV context.
CVE-2021-33037: HTTP request smuggling in Apache Tomcat
CVE-2021-33037 let malformed HTTP trailers desync Apache Tomcat from front-end proxies, enabling request smuggling. Here's what's affected and how to remediate.
CVE-2019-0232: Remote code execution in Apache Tomcat CGI...
CVE-2019-0232 lets attackers execute arbitrary commands on Windows-hosted Apache Tomcat via the CGI Servlet. Here's the CVSS 9.8 detail, affected versions, and fixes.
CVE-2020-9484: Deserialization RCE via Apache Tomcat Pers...
A deep dive into CVE-2020-9484, the Apache Tomcat PersistenceManager deserialization RCE — affected versions, CVSS/EPSS context, and remediation steps.
CVE-2021-25122: Request mix-up via Apache Tomcat h2c support
CVE-2021-25122 let Apache Tomcat mix up HTTP responses between concurrent users via the h2c upgrade path. Here's the impact, affected versions, and how to remediate.