January 18, 2021
Severity
High
Analysis Summary
CVE-2021-24122
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NTFS file system. By sending a specially-crafted request, an attacker could exploit this vulnerability to view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system.
Impact
Information disclosure
Affected Vendors
Apache Tomcat
Affected Products
- Apache Tomcat 7.0.0
- Apache Tomcat 9.0.0 M1
- Apache Tomcat 8.5.0
- Apache Tomcat 8.5.59
- Apache Tomcat 9.0.39
- Apache Tomcat 10.0.0-M9
- Apache Tomcat 7.0.106
Remediation
Upgrade to the latest version of Apache Tomcat (7.0.107, 8.5.60, 9.0.40, 10.0.0-M10 or later).
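An added example (not part of the Rewterz advisory or of Apache's tooling): a Python check that classifies a Tomcat version string against the fixed releases listed above. It assumes every release on a listed branch below that branch's fixed release is affected; the function names and the sample `version.sh` output are constructed for illustration.

```python
import re

# Fixed releases per branch, from the Remediation line of this advisory.
FIXED = {(7, 0): "7.0.107", (8, 5): "8.5.60", (9, 0): "9.0.40", (10, 0): "10.0.0-M10"}

# Accepts 8.5.59, 9.0.37.0 (four-part "Server number"), 9.0.0.M1, 10.0.0-M9.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+)|\.\d+)?$")


def parse(version):
    """Return a sortable key; milestone builds sort before the final release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    milestone = (0, int(m[4])) if m[4] else (1, 0)
    return (int(m[1]), int(m[2]), int(m[3]), milestone)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'unknown-branch'."""
    key = parse(version)
    fixed = FIXED.get(key[:2])
    if fixed is None:
        return "unknown-branch"  # branch not covered by this advisory
    return "affected" if key < parse(fixed) else "fixed"


def status_from_version_sh(output):
    """Pull the 'Server number' line out of version.sh output and classify it."""
    m = re.search(r"^Server number:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Server number' line found")
    return status(m.group(1))


# Constructed sample of `bin/version.sh` output (not taken from a real host).
SAMPLE = """Server version: Apache Tomcat/9.0.37
Server built:   Jul 2 2020 00:00:00 UTC
Server number:  9.0.37.0
"""

if __name__ == "__main__":
    print("version.sh sample:", status_from_version_sh(SAMPLE))
    for v in ("7.0.106", "8.5.60", "9.0.0.M1", "10.0.0-M9", "10.0.0-M10", "8.0.53"):
        print(v, status(v))
```

A result of `affected` is a version match only; exposure still depends on the configuration described in the Analysis Summary (resources served from a network location on NTFS).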