This document explains the CVE-2020-1938 GhostCat vulnerability that have been reported.
Vulnerability ID : CVE-2019-12133
Update Release build : 100452
Update Release Date : 06-March-2020
Reported by: Chaitin Tech, China
GhostCat affects the default configuration of Tomcat servers. It is related to the Apache JServ Protocol (AJP) protocol. The AJP connector used by Tomcat is affected in such a way that it can be exploited by an unauthenticated attacker to access configuration and source code files for web applications deployed on a server. If the system allows users to upload files, an attacker can upload malicious JavaServer Pages (JSP) code to the server and use Ghostcat to execute that code.
The issue has been resolved and the relevant fixes are available in the latest Remote Access Plus build. Visit the Remote Access Plus service packs page, download the latest PPM and update.
Keywords: GhostCat, Security Updates, Vulnerabilities and Fixes.
Note: This issue is not applicable to Remote Access Plus Cloud.