GhostCat: unauthenticated file read and potential RCE via the AJP connector on port 8009, exposed on thousands of internet-facing Tomcat instances. Immediately disable the AJP connector or restrict access to localhost only. The connector was enabled by default in Tomcat for 12 years before patching.
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. This is the GhostCat vulnerability.
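To check a host against the mitigation above (connector disabled or bound to localhost only), the following added example audits a Tomcat server.xml for AJP connectors and their bind address. It is not code from the advisory or from the Tomcat project; the function names and the sample fragments are constructed for illustration, and a connector without an address attribute is flagged for review on the assumption that its effective bind address depends on the Tomcat version's default.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for illustration (not from any real host).
SAMPLE_EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" redirectPort="8443"/>
</Service></Server>"""
SAMPLE_LOCAL = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="::1" redirectPort="8443"/>
</Service></Server>"""
SAMPLE_DISABLED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/> -->
</Service></Server>"""
SAMPLE_IMPLICIT = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

def is_ajp(protocol):
    # Matches "AJP/1.3" and class names such as org.apache.coyote.ajp.AjpNioProtocol.
    p = protocol.lower()
    return p.startswith("ajp") or ".ajp." in p

def is_loopback(address):
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:  # not an IP literal, so only accept the localhost name
        return address.lower() == "localhost"

def audit_ajp(server_xml):
    """Return (port, status, detail) for every active AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn.get("protocol", "HTTP/1.1")):
            continue  # commented-out connectors never reach this loop
        port, addr = conn.get("port", "?"), conn.get("address")
        if addr is None:  # assumption: effective default varies by Tomcat version
            findings.append((port, "REVIEW", "no address attribute set"))
        elif not is_loopback(addr):
            findings.append((port, "EXPOSED", f"AJP bound to {addr}"))
        else:
            findings.append((port, "OK", f"AJP bound to loopback ({addr})"))
    return findings

if __name__ == "__main__":
    for name in ("SAMPLE_EXPOSED", "SAMPLE_LOCAL", "SAMPLE_DISABLED", "SAMPLE_IMPLICIT"):
        print(name, audit_ajp(globals()[name]))
```

An empty result means no active AJP connector is defined in the file, which corresponds to the "disable" option.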