Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now!

A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers.

According to a tweet by cyber threat intelligence firm Bad Packets, “mass scanning activity targeting this vulnerability has already begun”.

The attack surface is huge: according to Shodan [1], more than 890,000 Tomcat servers are currently reachable over the Internet.

More information about patching and mitigations is available in my previous post.

Patch, patch ASAP!


  1. product:"Apache Tomcat" – Shodan Search (login required)
  2. CVE-2020-1938
