Safeguard
Tag

apache-tomcat

Safeguard articles tagged "apache-tomcat" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Vulnerability Analysis

Ghostcat: Apache Tomcat AJP File Read and RCE (CVE-2020-1938) Explained

CVE-2020-1938 turned Tomcat's default AJP connector into a file-disclosure and RCE primitive. Here's how the request-attribute abuse works and how to shut it down.

Jul 1, 20266 min read
Vulnerability Analysis

Ghostcat Apache Tomcat AJP file read/RCE (CVE-2020-1938)

CVE-2020-1938 'Ghostcat' exposes Apache Tomcat's AJP connector to file read and RCE. Here's the ghostcat tomcat AJP vulnerability impact and how to fix it.

Jan 17, 20267 min read
Vulnerability Analysis

CVE-2020-1938 (Ghostcat): File inclusion via Apache Tomca...

Ghostcat (CVE-2020-1938) let attackers read files—and often achieve RCE—via Tomcat's default, unauthenticated AJP connector. Here's the risk, fix, and KEV context.

Sep 24, 20257 min read
Vulnerability Analysis

CVE-2021-33037: HTTP request smuggling in Apache Tomcat

CVE-2021-33037 let malformed HTTP trailers desync Apache Tomcat from front-end proxies, enabling request smuggling. Here's what's affected and how to remediate.

Sep 24, 20257 min read
Vulnerability Analysis

CVE-2019-0232: Remote code execution in Apache Tomcat CGI...

CVE-2019-0232 lets attackers execute arbitrary commands on Windows-hosted Apache Tomcat via the CGI Servlet. Here's the CVSS 9.8 detail, affected versions, and fixes.

Sep 24, 20258 min read
Vulnerability Analysis

CVE-2020-9484: Deserialization RCE via Apache Tomcat Pers...

A deep dive into CVE-2020-9484, the Apache Tomcat PersistenceManager deserialization RCE — affected versions, CVSS/EPSS context, and remediation steps.

Sep 23, 20257 min read
Vulnerability Analysis

CVE-2021-25122: Request mix-up via Apache Tomcat h2c support

CVE-2021-25122 let Apache Tomcat mix up HTTP responses between concurrent users via the h2c upgrade path. Here's the impact, affected versions, and how to remediate.

Sep 23, 20256 min read
apache-tomcat — Safeguard Blog