THREAT OPS › CVEs › CVE-2020-1938
CVE-2020-1938 — Apache Tomcat Improper Privilege Management Vulnerability
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
Vulnerability details
- Affected productsTomcat
- KEV remediation due2022-03-17