Apache Tomcat is a Servlet container developed by the Jakarta project, which is a part of the Apache Software Foundation. By default, Apache Tomcat uses AJP connectors to exchange data with other web servers.

Due to a defect in the AJP protocol, attackers can use AJP connectors to read or include any file under the webapp directory. If the target application allows file uploads, attackers can upload malicious code and execute it remotely. The vulnerability is exploitable whenever the AJP service is enabled and its port is reachable by the attacker. (By default, Apache Tomcat enables the AJP service and binds the service port to 0.0.0.0.)

Scope of impact: Tomcat 6.x.x, 7.x.x, 8.x.x, and 9.x.x with the AJP service enabled

Risk level: high

Rule-based defense: A virtual patch is available in Cloud Firewall to address this vulnerability.

Rule type: command execution

Security suggestions: Upgrade Apache Tomcat or use the intrusion prevention function in Cloud Firewall to protect your servers.
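As an added example (not code from the original page or from the Tomcat project), the script below audits a Tomcat server.xml for AJP connectors that are active and bound beyond localhost, which is the exposure described above. It assumes the stock server.xml layout (a `Connector` element with `protocol="AJP/1.3"`) and that the connector attributes `address`, `secretRequired` and `secret` are honoured by your Tomcat version (an assumption; check the documentation for your release).

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml: an HTTP connector, a commented-out AJP connector
# (ignored by the XML parser, just as Tomcat ignores it) and an active AJP
# connector with no address restriction and no shared secret.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_ajp_connectors(server_xml: str) -> list:
    """Return one finding per active AJP connector that is exposed or unauthenticated.

    A connector is reported when it is bound beyond loopback (the 0.0.0.0
    default the advisory mentions) or when no shared secret protects it.
    The attribute names `address`, `secretRequired` and `secret` are assumed
    to be the ones your Tomcat version honours.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        if not conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # HTTP/HTTPS connectors are not in scope for this issue
        address = conn.get("address", "0.0.0.0")  # Tomcat binds all interfaces if unset
        reasons = []
        if address not in LOOPBACK:
            reasons.append("bound to %s, reachable from other hosts" % address)
        if conn.get("secretRequired", "true").lower() == "false":
            reasons.append("secretRequired is disabled")
        if not conn.get("secret"):
            reasons.append("no shared secret configured")
        if reasons:
            findings.append({"port": conn.get("port"), "address": address, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print("AJP connector on port %s: %s" % (f["port"], "; ".join(f["reasons"])))
```

Running it against the sample reports only the active connector on port 8009; a connector that is commented out, bound to a loopback address and given a secret produces no finding.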