Apache Tomcat vulnerability sparks global wave of attacks

Monday 17th of March 2025 19:58:42

Threat Actors Rapidly Exploit New Apache Tomcat Flaw Following PoC Release

A newly discovered vulnerability in Apache Tomcat has been rapidly exploited by threat actors in the wild, according to security experts. The flaw, tracked as CVE-2021-41064, was disclosed just days ago, and a proof-of-concept (PoC) exploit was released shortly thereafter.

The vulnerability, a remote code execution (RCE) flaw, affects Apache Tomcat 10.0.0 to 10.1.0 as well as earlier versions. It allows an unauthenticated attacker to inject malicious code on a vulnerable server, potentially leading to complete control of the system.

Researchers from the security firm Ripsaw discovered the vulnerability and released a PoC exploit, which sparked a flurry of activity among threat actors. The PoC exploit has been widely shared and is now being used to launch attacks on vulnerable Apache Tomcat servers.

"We've seen a significant increase in exploitation attempts since the PoC was released," said a security researcher at Ripsaw. "The vulnerability is being actively exploited in the wild, and we expect to see even more attacks as the PoC is shared further."

Apache has released an advisory and a patch for the vulnerability, urging users to update to a patched version of Tomcat as soon as possible. The fix is available for download.

In the meantime, security experts are urging users to take immediate action to patch their systems and prevent exploitation. "This is a serious vulnerability that can have severe consequences if left unpatched," said another security researcher. "We urge all users to update to a patched version of Tomcat as soon as possible to prevent attacks."