Ghostcat vulnerability is a high-risk file read/include vulnerability tracked as CVE-2020-1938. The vulnerability is present in the Apache JServ Protocol (AJP) of Apache Tomcat between versions 6.x and 9.x. The developers have released versions 7.0.100, 8.5.51, and 90.31 to patch the vulnerability. An attacker can read the contents of configuration files and source code files of all webapps deployed on Tomcat.
Source: https://www.bleepingcomputer.com/news/security/active-scans-for-apache-tomcat-ghostcat-vulnerability-detected-patch-now/