Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now!

A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers.

According to a tweet by cyber threat intelligence firm Bad Packets, “mass scanning activity targeting this vulnerability has already begun”:

The attack perimeter is huge: according to Shodan [1], more than 890,000 Tomcat servers are currently reachable over the Internet.

More information about patching/mitigations are available on my previous post.

Patch, patch ASAP!


  1. product:”Apache Tomcat” – Shodan Search (login required)
  2. CVE-2020-1938

Further readings

Related posts

  1. Load Value Injection (CVE-2020-0551): a new Side-Channel attack affects Intel’s CPUs
  2. Ghostcat (CVE-2020-1938), a brand-new file inclusion vulnerability in Apache Tomcat
  3. SweynTooth: Bluetooth vulnerabilities expose many BLE devices to attacks
  4. CVE-2019-18426: WhatsApp bug allowed remote access to users computers with just a text message
  5. Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances