Rule General Information |
---|
Release Date: | 2020-02-21 | |
Rule Name: | Apache Tomcat protocol AJP arbitrary file include Vulnerability (CVE-2020-1938) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Apache Tomcat is a lightweight web application server from the Apache Software Foundation. It implements support for Servlet and JavaServer Pages (JSP). A file inclusion vulnerability exists in Apache Tomcat 7.* versions prior to 7.0.100, 8.* versions prior to 8.5.51, and 9.* versions prior to 9.0.31. An attacker could use this vulnerability to read or include any file in any webapp directory on Tomcat, such as webapp configuration files or source code. | |
Impact: | An attacker could exploit this vulnerability with unspecified effects. | |
Affected OS: | Windows, Others | |
Reference: | https://mp.weixin.qq.com/s/qIG_z9imxdLUobviSv7knw |
|
Solutions |
---|
Update Tomcat to version 9.0.31, 8.5.51, or 7.0.100, or apply the patches that fix the vulnerability. For details, visit: http://tomcat.apache.org/ |