THREATOPS
THREAT OPSCVEs › CVE-2020-1938

CVE-2020-1938 — Apache Tomcat Improper Privilege Management Vulnerability

CISA KEVExploited: confirmedApache

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Vulnerability details