IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the following vulnerabilities reported in Apache Tomcat.
CVEID:CVE-2020-1938
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to read web application files from a vulnerable server and upload malicious JavaServer Pages (JSP) code within a variety of file types and execute arbitrary code on the system. Note: This vulnerability is known as Ghostcat.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176562 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
WebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0
WebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2
App Connect Professional v 7.5.2.0
App Connect Professional v 7.5.3.0
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM WebSphere Cast Iron | 7.0.0.0 | ||
7.0.0.1 | |||
7.0.0.2 | LI81465 | 7002 Fixcentral Link | |
IBM WebSphere Cast Iron | 7.5.0.0 | ||
7.5.0.1 | |||
7.5.1.0 | LI81465 | 7510 fixcentral Link | |
App Connect Professional | 7.5.2.0 | LI81465 | 7520 Fixcentral link |
App Connect Professional | 7.5.3.0 | LI81465 | 7530 Fixcentral link |
None