CVE-2020-1938

26 documents18 sources

9.8

CVSS

CRITICAL

EPSS94.5%(100th)

CISA KEVPublic ExploitExploited in Wild

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages20 packages

▶NVDapache/tomcat7.0.0 — 7.0.100+2

▶Mavenorg.apache.tomcat.embed:tomcat-embed-core9.0.0 — 9.0.31+2

▶Debiantomcat9< 9.0.31-1+3

▶NVDapache/geode1.12.0

▶NVDblackberry/good_control5.2.58.38

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31, 32

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It ...

NVD ↗MITRE ↗Patch: lists.apache.org ↗Patch: lists.apache.org ↗Patch: lists.apache.org ↗

🔴Vulnerability Details

GHSA

Improper Privilege Management in Tomcat↗2020-06-15

▶

OSV

Improper Privilege Management in Tomcat↗2020-06-15

▶

OSV

CVE-2020-1938: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat↗2020-02-24

▶

CVEList

CVE-2020-1938: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat↗2020-02-24

▶

VulnCheck

Apache Tomcat Improper Privilege Management Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)↗2020-11-13

▶

Exploit-DB

Apache Tomcat - AJP 'Ghostcat File Read/Inclusion↗2020-02-20

▶

Nuclei

Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible [401TRG] GhostCat LFI Successful Exploit (CVE-2020-1938)↗2023-06-07

▶

Suricata

ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)↗2020-02-25

▶

📋Vendor Advisories

CISA

Apache Tomcat Improper Privilege Management Vulnerability↗2022-03-03

▶

Red Hat

tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability↗2020-02-20

▶

Debian

CVE-2020-1938: tomcat9 - When using the Apache JServ Protocol (AJP), care must be taken when trusting inc...↗2020

▶

Apache

Apache tomcat: CVE-2020-1938↗

▶

Oracle

Oracle Critical Patch Update - JUL 2020↗

▶

🕵️Threat Intelligence

Trendmicro

Busting Ghostcat: Analysis of CVE-2020-1938↗2020-03-10

▶

Qualys

CVE-2020-1938 | Apache JServ (Protocol v1.3) AJP Vulnerability | Qualys↗2020-03-10

▶

Qualys

Detect Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys WAS↗2020-03-10

▶

Trendmicro

Busting Ghostcat: Analysis of CVE-2020-1938↗2020-03-10

▶

Qualys

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR | Qualys↗2020-03-06

▶

📄Research Papers

CTF

Easy / tomghost↗

▶

💬Community

StackEx

Is Tomcat vulnerable to "Ghostcat" (CVE-2020-1938) via mod_proxy_ajp?↗2020-03-10

▶

StackEx

Tomcat AJP vulnerability CVE-2020-1938 aka Ghostcat↗2020-02-24

▶