GhostCat: Unauthenticated file read and potential RCE via AJP connector on port 8009 — exposed on thousands of internet-facing Tomcat instances. Disable AJP connector or restrict access to localhost only immediately. Default-enabled in Tomcat for 12 years before patching.
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. GhostCat vulnerability.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →