Apache Tomcat Security Vulnerabilities

This week, the Alert Logic team highlights more details about the Equifax breach and recently patched vulnerabilities in Apache Tomcat.

Malware

Vulnerabilities in Apache Tomcat

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorized attacker to execute malicious code on affected servers remotely.

Apache Tomcat is an open source web server and servlet container that implements several Java EE specifications and provides a "pure Java" HTTP web server environment for Java code to run in.

The critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617) discovered in Apache Tomcat is due to insufficient validation of user-supplied input by the affected software.
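As an added defensive example (not code from Alert Logic or the Tomcat project): CVE-2017-12617 is triggered through HTTP write methods against Tomcat's DefaultServlet, so scanning the access log for PUT/DELETE requests, and in particular for accepted writes of JSP files, is a practical way to spot exploitation attempts. The script assumes the common AccessLogValve pattern `%h %l %u %t "%r" %s %b`, and the log lines are constructed samples.

```python
import re
from dataclasses import dataclass

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b  (assumed format)
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

WRITE_METHODS = {"PUT", "DELETE"}       # methods a read-only DefaultServlet should refuse
SCRIPT_EXTS = (".jsp", ".jspx")         # server-side script types Tomcat would execute

@dataclass
class Finding:
    host: str
    method: str
    path: str
    status: int
    severity: str

def normalize_path(path):
    # Drop the query string and trailing slashes so the real extension is visible.
    return path.split("?", 1)[0].rstrip("/")

def classify(line):
    """Return a Finding for a write-method request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m or m["method"] not in WRITE_METHODS:
        return None
    path = normalize_path(m["path"])
    status = int(m["status"])
    is_script = path.lower().endswith(SCRIPT_EXTS)
    if is_script and status in (200, 201, 204):
        severity = "high"    # server accepted a write/delete of a server-side script
    elif is_script:
        severity = "medium"  # attempted against a script path but refused
    else:
        severity = "low"     # any write method is worth a look on a read-only deployment
    return Finding(m["host"], m["method"], path, status, severity)

def scan(lines):
    return [f for f in (classify(l) for l in lines) if f]

# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2017:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [10/Oct/2017:12:00:02 +0000] "PUT /uploads/test.jsp?v=1 HTTP/1.1" 201 -',
    '203.0.113.9 - - [10/Oct/2017:12:00:03 +0000] "PUT /uploads/test.jsp HTTP/1.1" 403 -',
    '203.0.113.9 - - [10/Oct/2017:12:00:04 +0000] "DELETE /docs/notes.txt HTTP/1.1" 204 -',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.host} {f.method} {f.path} -> {f.status}")
```

A "high" hit on a host whose DefaultServlet is meant to be read-only is a strong signal that the readonly setting was changed or the patch is missing.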

References: Apache Tomcat | Apache Tomcat: Important: Remote Code Execution | Apache Tomcat Patches Important Remote Code Execution Flaw

Data Breach

Equifax Shares More Details About Breach

Customer data that was compromised during a massive breach of Equifax's systems was not encrypted, the company's ex-CEO told a congressional committee on September 26.

During a three-hour hearing before the House Energy and Commerce Committee, Richard Smith blamed the massive hack on a combination of failed technology and human error.

Equifax’s security team discovered that the attackers had exploited an Apache Struts flaw to access its systems on May 13. The vulnerability in question, CVE-2017-5638, has been exploited in the wild since the first half of March.

Equifax said its team had known about the Struts vulnerability since it was disclosed and it took steps to patch systems. Even if the data were encrypted, however, the application that the hackers exploited would still have had access to it.

References: Fact Checking the Equifax Data Breach Story | Former Equifax CEO Apologizes for Data Breach | Equifax Was Warned About Vulnerability But Failed To Patch It

Blog Series

5 Tips For Protecting SQL Based Cloud Deployed Web Applications

Alert Logic’s Michael Farnum and Joe Hitchcock lay out the key elements of effective security for web applications in a SQL-based cloud environment in this 5-part blog series.

This Week's Suspicious IP Addresses

185.94.111.1 185.35.63.129
185.35.63.14 185.35.63.127
113.106.202.61 153.174.207.67

*IP addresses provided by Recorded Future.