PT-2020-1704 · Apache · Apache Tomcat

Published 2020-02-11 · Updated 2026-05-18 · CVE-2020-1938

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 7.0.0 through 7.0.99
Apache Tomcat versions 8.5.0 through 8.5.50
Apache Tomcat versions 9.0.0.M1 through 9.0.0.30
Description
The issue lies in the Apache JServ Protocol (AJP) connector of Apache Tomcat. It allows an attacker to read arbitrary files from anywhere in the web application, including under the WEB-INF and META-INF directories, and to have any file in the web application processed as a JSP, potentially leading to remote code execution. This is possible when the AJP port is reachable by untrusted users: a request sent to the AJP port lets the attacker read and execute files on the server.
Recommendations
Upgrade to Apache Tomcat 7.0.100 or later, 8.5.51 or later, or 9.0.31 or later, depending on the branch in use. As a temporary workaround, consider disabling the AJP Connector to prevent exploitation until a patch is available.
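The workaround above expressed in Tomcat's conf/server.xml, as an added illustration that is not part of this advisory: the first Connector is the exposed shape (AJP listening on all interfaces, no shared secret), the middle comment is the advisory's workaround of removing the Connector, and the last Connector is the hardened form for deployments that genuinely need AJP behind a reverse proxy, using the address, secretRequired and secret attributes supported by the fixed releases (the secret value is a placeholder).

```xml
<!-- conf/server.xml, AJP section. Added illustration, not text from the advisory. -->

<!-- Exposed form: AJP reachable from every interface and no shared secret
     required. Anyone who can reach TCP/8009 can speak AJP to Tomcat, which
     is the exposure CVE-2020-1938 relies on. Shown commented out. -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->

<!-- Advisory workaround: delete the AJP Connector (or leave it commented
     out as above) when nothing in front of Tomcat uses AJP. Plain HTTP
     clients are unaffected; they use the HTTP/1.1 Connector (usually 8080). -->

<!-- Hardened form for deployments that still need AJP from a reverse proxy
     (mod_jk / mod_proxy_ajp): bind to loopback only and require the shared
     secret that the proxy must present. secretRequired/secret are available
     in the fixed releases (7.0.100, 8.5.51, 9.0.31 and later). -->
<Connector port="8009"
           protocol="AJP/1.3"
           address="127.0.0.1"
           secretRequired="true"
           secret="REPLACE-WITH-A-LONG-RANDOM-SECRET"
           redirectPort="8443" />
```

After restarting Tomcat, confirm that port 8009 is either closed or bound only to the loopback address (for example with `ss -ltn` on Linux), and that the proxy's AJP configuration carries the same secret.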

Exploit · Fix · Information Disclosure · Improper Authorization · Improper Privilege Management · RCE


Weakness Enumeration

Related Identifiers

AJPCVE2020_1938
ALSA-2020_4751
ALSA-2025_1210
ALSA-2025_1215
ALSA-2025_1300
ALSA-2025_1301
ALSA-2025_1306
ALSA-2025_1309
ALSA-2025_1314
ALSA-2025_1329
ALSA-2025_1338
ALSA-2025_1346
ALSA-2025_16880
ALT-PU-2020-2892
ALT-PU-2020-3213
ALT-PU-2021-2858
BDU:2020-00937
BDU:2020-02853
BIT-TOMCAT-2020-1938
CESA-2020_0855
CESA-2020_0912
CESA-2020_4847
CVE-2020-1938
DLA-2133-1
DLA-2209-1
DSA-4673-1
DSA-4680-1
ELSA-2020-0855
ELSA-2020-0912
GHSA-C9HW-WF7X-JP9J
GHSA-GV2W-88HX-8M9R
MGASA-2020-0138
OPENSUSE-SU-2020:0345-1
OPENSUSE-SU-2020:0597-1
OPENSUSE-SU-2020_0345-1
OPENSUSE-SU-2020_0597-1
OPENSUSE-SU-2024:11468-1
OPENSUSE-SU-2024:13441-1
RHSA-2020:0813
RHSA-2020:0855
RHSA-2020:0861
RHSA-2020:0912
RHSA-2020:0962
RHSA-2020:1478
RHSA-2020:1520
RHSA-2020:2058
RHSA-2020:2059
RHSA-2020:2060
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
RHSA-2020:2779
RHSA-2020:2780
RHSA-2020:2781
RHSA-2020:2840
RHSA-2020:4847
RHSA-2020_0855
RHSA-2020_0912
RHSA-2020_4847
RHSA-2024:5856
RLSA-2020:4847
RLSA-2020_4847
SUSE-SU-2020:0598-1
SUSE-SU-2020:0631-1
SUSE-SU-2020:0632-1
SUSE-SU-2020:0725-1
SUSE-SU-2020:0806-1
SUSE-SU-2020:1111-1
SUSE-SU-2020:1126-1
SUSE-SU-2020:1272-1
SUSE-SU-2020:14334-1
SUSE-SU-2020:14342-1
SUSE-SU-2020_0598-1
SUSE-SU-2020_0631-1
SUSE-SU-2020_0632-1
SUSE-SU-2020_0725-1
SUSE-SU-2020_0806-1
SUSE-SU-2020_1111-1
SUSE-SU-2020_1126-1
SUSE-SU-2020_1272-1
SUSE-SU-2020_14334-1
SUSE-SU-2020_14342-1

Affected Products

Alt Linux
Apache Tomcat
CentOS
Red Hat
Rocky Linux
SUSE