HC3 Sector Alert TLP Clear: Apache Tomcat Vulnerabilities Sector Alert

September 4, 2024

Executive Summary

Tomcat is one of the most popular and widely deployed web servers and Java-based application servers in the world, and it is heavily used across the U.S. health sector. Like any other software platform, Tomcat is subject to a steady stream of newly discovered vulnerabilities, some of which attackers can exploit. Because it serves web applications, it is usually exposed directly to the Internet, which puts it within reach of any threat actor. This bulletin provides an overview of Apache Tomcat vulnerabilities, mitigation strategies, and an overall approach to keeping Tomcat secure.

Tomcat Security Overview

Tomcat is an open-source web server and Java servlet container maintained by the Apache Software Foundation, a nonprofit. In health care it is often used to host electronic health record (EHR) systems, run health information exchange (HIE) systems, host laboratory information management systems, host and run custom healthcare applications, and support telemedicine applications, among other functions. Because Tomcat is so widely deployed, it has attracted the attention of threat actors.

Historically Common Tomcat Vulnerability Categories

Because Apache Tomcat is deployed widely around the world and, by the nature of its function, is usually Internet-accessible, it has drawn the attention of both vulnerability researchers and cyber threat actors, and vulnerabilities in it are regularly identified and exploited. Certain categories of vulnerability have historically been the most common in Tomcat; these are listed below with examples. The examples are historic vulnerabilities that affected organizations should already have mitigated; they are reviewed here to illustrate the categories of weakness that recur in Tomcat.
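Knowing whether a historic vulnerability has been mitigated starts with knowing which Tomcat version each host runs. The script below is an added example written for this alert; it is not HC3, AHA or Apache code. It parses the "Server version: Apache Tomcat/X.Y.Z" line that Tomcat's own bin/catalina.sh version (or bin/version.sh) prints, and flags hosts whose version is below an operator-supplied minimum for their branch. The host names, command outputs and minimum versions in the block are constructed placeholders, not data from the alert; replace the minimums with the fixed versions published on the Apache Tomcat security pages for the branches you run.

```python
"""Inventory Apache Tomcat versions from `catalina.sh version` output.

Added example for this alert (not HC3/AHA/Apache code). Tomcat's
`bin/catalina.sh version` prints, among other lines,
    Server version: Apache Tomcat/9.0.80
This module extracts that version and compares it with a minimum per
major.minor branch. The minimums and sample outputs below are constructed
placeholders (assumption), not values taken from the alert.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Placeholder minimum patched version per branch (assumption, not advisory
# data). Branches missing from this map are treated as unsupported.
MIN_PATCHED: Dict[str, Version] = {
    "9.0": (9, 0, 90),
    "10.1": (10, 1, 30),
}

# Matches the real `ServerInfo` output line; pre-release suffixes such as
# "-M1" are not handled and will yield "unknown".
_VERSION_RE = re.compile(r"^Server version:\s*Apache Tomcat/(\d+)\.(\d+)\.(\d+)\s*$", re.M)


def parse_version(version_output: str) -> Optional[Version]:
    """Return (major, minor, patch) from `catalina.sh version` output, or None."""
    m = _VERSION_RE.search(version_output)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(host: str, version_output: str,
           minimums: Dict[str, Version] = MIN_PATCHED) -> dict:
    """Classify one host as ok, below-minimum, unsupported-branch or unknown."""
    v = parse_version(version_output)
    if v is None:
        return {"host": host, "version": None, "branch": None, "status": "unknown"}
    branch = f"{v[0]}.{v[1]}"
    floor = minimums.get(branch)
    if floor is None:
        status = "unsupported-branch"   # e.g. an end-of-life branch, no fixes expected
    elif v < floor:                     # tuple comparison: element-wise, left to right
        status = "below-minimum"
    else:
        status = "ok"
    return {"host": host, "version": ".".join(map(str, v)),
            "branch": branch, "status": status}


def inventory(outputs: Dict[str, str],
              minimums: Dict[str, Version] = MIN_PATCHED) -> List[dict]:
    """Assess every host; hosts needing attention are listed first."""
    order = {"below-minimum": 0, "unsupported-branch": 1, "unknown": 2, "ok": 3}
    results = [assess(h, out, minimums) for h, out in outputs.items()]
    return sorted(results, key=lambda r: (order[r["status"]], r["host"]))


# Constructed sample outputs, as if collected with `catalina.sh version` on
# four hosts (hypothetical names; assumption).
SAMPLE_OUTPUTS: Dict[str, str] = {
    "ehr-app-01": "Using CATALINA_BASE:   /opt/tomcat\n"
                  "Server version: Apache Tomcat/9.0.50\n"
                  "Server built:   Jun 28 2021 16:32:21 UTC\n"
                  "Server number:  9.0.50.0\n",
    "hie-gw-02":  "Server version: Apache Tomcat/10.1.33\n"
                  "Server number:  10.1.33.0\n",
    "lims-03":    "Server version: Apache Tomcat/8.5.99\n",
    "tele-04":    "bash: /opt/tomcat/bin/catalina.sh: No such file or directory\n",
}

if __name__ == "__main__":
    for r in inventory(SAMPLE_OUTPUTS):
        print(f"{r['host']:<12} {str(r['version']):<10} {r['status']}")
```

The sort order puts hosts that need action at the top; a host that reports no parseable version ("unknown") still needs a follow-up, because a missing or non-standard install is exactly where an unpatched copy tends to hide.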

View the detailed alert below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272