CVE-2020-1938 - Apache Tomcat Improper Privilege Management Vulnerability
Project:Apache
Product:Tomcat
Date Added:2022-03-03Due Date:2022-03-17
Vulnerability Name
Apache Tomcat Improper Privilege Management Vulnerability
Description
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1938