A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers.

According to a tweet by cyber threat intelligence firm Bad Packets, "mass scanning activity targeting this vulnerability has already begun":


The attack perimeter is huge: according to Shodan [1], more than 890,000 Tomcat servers are currently reachable over the Internet.

More information about patching/mitigations are available on my previous post.

Patch, patch ASAP!


  1. product:"Apache Tomcat" - Shodan Search (login required)
  2. CVE-2020-1938

Further readings