Tag
ghostcat
Safeguard articles tagged "ghostcat" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
Ghostcat: Apache Tomcat AJP File Read and RCE (CVE-2020-1938) Explained
CVE-2020-1938 turned Tomcat's default AJP connector into a file-disclosure and RCE primitive. Here's how the request-attribute abuse works and how to shut it down.
Jul 1, 20266 min read
Vulnerability Analysis
Ghostcat Apache Tomcat AJP file read/RCE (CVE-2020-1938)
CVE-2020-1938 'Ghostcat' exposes Apache Tomcat's AJP connector to file read and RCE. Here's the ghostcat tomcat AJP vulnerability impact and how to fix it.
Jan 17, 20267 min read
Vulnerability Analysis
CVE-2020-1938 (Ghostcat): File inclusion via Apache Tomca...
Ghostcat (CVE-2020-1938) let attackers read files—and often achieve RCE—via Tomcat's default, unauthenticated AJP connector. Here's the risk, fix, and KEV context.
Sep 24, 20257 min read