The affected versions include Apache Tomcat: 11.0.0-M1 to 11.0.2,10.1.0-M1 to 10.14, and 9.0.0 m1 to 9.0.98. The appointed versions include 11.0.3 or later, 10.1.35 or later, and 9.0.99 or later.
The Wallarm has received the first attack from Poland on March 12, a few days before the first public release in GitTub.
“While this exploits the maintenance session, the main issue is set to manage to Tomcat, which allows for loading any file anywhere,” said Wallarm on the blog. “The attackers will begin immediately to modify their tricks, loading jsp files, changing the configuration, and planted backdoors without session session.”
Source link