There is a file inclusion vulnerability in the implementation of the AJP protocol in Apache Tomcat. Attackers can send malicious AJP requests to exploit this vulnerability. Successful exploit could cause the remote attacker read any file in a specified directory without authorization. (Vulnerability ID: HWPSIRT-2020-02140)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1938.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-tomact-en

CPENameOperatorVersion
smsgweqV100R001C01LG0701
smsgweqV100R001C01LG0801
smsgweqV100R001C01LG0901
smsgweqV100R002C11LG1901
smsgweqV100R002C11LG2501
smsgweqV100R002C11LG2601
smsgweqV100R002C11LG3001
smsgweqV100R002C11LG3201
smsgweqV100R002C11LG3501
smsgweqV100R002C11LG3701

Name	Operator	Version
smsgw	eq	V100R001C01LG0701
smsgw	eq	V100R001C01LG0801
smsgw	eq	V100R001C01LG0901
smsgw	eq	V100R002C11LG1901
smsgw	eq	V100R002C11LG2501
smsgw	eq	V100R002C11LG2601
smsgw	eq	V100R002C11LG3001
smsgw	eq	V100R002C11LG3201
smsgw	eq	V100R002C11LG3501
smsgw	eq	V100R002C11LG3701

Rows per page:

1-10 of 811

fedora 3

ibm 7

veracode 1

nessus 45

osv 6

myhack58 1

threatpost 8

ubuntucve 1

centos 2

oraclelinux 2

githubexploit 9

openvas 29

cvelist 2

rapid7blog 1

cve 1

github 1

redhat 16

cgr 1

qualysblog 2

prion 2

cisa_kev 1

f5 1

debiancve 1

checkpoint_advisories 1

attackerkb 2

redhatcve 2

trendmicroblog 1

kaspersky 1

tomcat 3

debian 2

mageia 1

amazon 3

photon 5

thn 2

gentoo 1

atlassian 5

symantec 1

hackerone 1

trellix 2

ics 1

rocky 1

kitploit 1

oracle 3

fedora

[SECURITY] Fedora 30 Update: tomcat-9.0.31-2.fc30

2020-04-02 09:19:40

[SECURITY] Fedora 32 Update: tomcat-9.0.31-2.fc32

2020-03-31 00:18:31

[SECURITY] Fedora 31 Update: tomcat-9.0.31-2.fc31

2020-04-02 09:56:06

ibm

Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.

2020-05-12 09:51:01

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Spectrum Protect Plus (CVE-2020-1938)

2020-06-12 20:32:51

Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1938)

2020-07-24 22:19:08

veracode

Authentication Bypass

2020-02-25 05:53:16

nessus

NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Vulnerability (NS-SA-2020-0038)

2020-09-07 00:00:00

EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-1327)

2020-03-23 00:00:00

Scientific Linux Security Update : tomcat on SL7.x (noarch) (20200317)

2020-03-18 00:00:00

osv

CVE-2020-1938

2020-02-24 22:15:12

Improper Privilege Management in Tomcat

2020-06-15 18:51:21

BIT-tomcat-2020-1938

2024-03-06 11:11:29

myhack58

Apache Tomcat from file contains to RCE exploit the principle of in-depth analysis-vulnerability warning-the black bar safety net

2020-03-17 00:00:00

threatpost

Wordpress Yellow Pencil Plugin Flaws Actively Exploited

2019-04-12 14:13:06

Weather Channel Knocked Off-Air in Dangerous Precedent

2019-04-18 20:21:21

Apache Tomcat Exploit Poised to Pounce, Stealing Files

2020-03-23 20:56:37

ubuntucve

CVE-2020-1938

2020-02-24 00:00:00

centos

tomcat6 security update

2020-03-25 19:21:34

tomcat security update

2020-03-25 19:05:03

oraclelinux

tomcat security update

2020-03-22 00:00:00

tomcat6 security update

2020-03-23 00:00:00

githubexploit

Exploit for CVE-2020-1938

2021-08-14 17:32:51

Exploit for CVE-2020-1938

2021-10-08 04:20:43

Exploit for CVE-2020-1938

2021-03-28 03:30:44

openvas

CentOS: Security Advisory for tomcat (CESA-2020:0855)

2020-03-26 00:00:00

Apache Tomcat AJP RCE Vulnerability (Ghostcat)

2020-02-21 00:00:00

Fedora: Security Advisory for tomcat (FEDORA-2020-0e42878ba7)

2020-03-31 00:00:00

cvelist

CVE-2020-1938

2020-02-24 21:19:18

CVE-2020-10569

2020-04-21 19:01:37

rapid7blog

Metasploit Wrap-Up

2020-12-04 19:27:53

cve

CVE-2020-1938

2020-02-24 22:15:12

github

Improper Privilege Management in Tomcat

2020-06-15 18:51:21

redhat

(RHSA-2020:1479) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

2020-04-14 20:43:25

(RHSA-2020:1478) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

2020-04-14 20:43:24

(RHSA-2020:0855) Important: tomcat security update

2020-03-17 13:10:46

cgr

CVE-2020-1938 vulnerabilities

2024-05-19 03:07:16

qualysblog

Detect Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys WAS

2020-03-10 22:09:59

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

2020-03-06 01:11:07

prion

Default configuration

2020-02-24 22:15:00

Design/Logic Flaw

2020-04-21 19:15:00

cisa_kev

Apache Tomcat Improper Privilege Management Vulnerability

2022-03-03 00:00:00

K53254186 : Apache Tomcat vulnerability CVE-2020-1938

2020-03-04 00:00:00

debiancve

CVE-2020-1938

2020-02-24 22:15:12

checkpoint_advisories

Apache Tomcat AJP File Inclusion (CVE-2020-1938; CVE-2022-26377)

2020-02-25 00:00:00

attackerkb

CVE-2020-10569

2020-04-21 00:00:00

CVE-2020-1938

2020-02-24 00:00:00

redhatcve

CVE-2020-1745

2020-02-26 04:10:51

CVE-2020-1938

2020-02-24 06:10:47

trendmicroblog

This Week in Security News: Operation Overtrap Targets Japanese Online Banking Users and Everything You Need to Know About Tax Scams

2020-03-13 12:40:26

kaspersky

KLA11679 Multiple vulnerabilities in Apache Tomcat

2020-02-24 00:00:00

tomcat

Fixed in Apache Tomcat 8.5.51

2020-02-11 00:00:00

Fixed in Apache Tomcat 9.0.31

2020-02-11 00:00:00

Fixed in Apache Tomcat 7.0.100

2020-02-14 00:00:00

debian

[SECURITY] [DSA 4673-1] tomcat8 security update

2020-05-03 18:29:38

[SECURITY] [DSA 4680-1] tomcat9 security update

2020-05-06 20:58:40

mageia

Updated tomcat packages fix security vulnerabilities

2020-03-10 22:04:50

amazon

Important: tomcat7

2020-03-09 19:20:00

Important: tomcat8

2020-03-09 19:21:00

Important: tomcat

2020-03-09 19:23:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0285

2020-03-20 00:00:00

Critical Photon OS Security Update - PHSA-2020-0285

2020-03-09 00:00:00

Critical Photon OS Security Update - PHSA-2020-0218

2020-03-09 00:00:00

thn

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

2020-02-28 13:00:00

Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems

2021-07-09 07:00:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2020-03-19 00:00:00

atlassian

Upgrade Tomcat to version 8.5.75 - CVE-2020-9484/CVE-2022-23181

2022-01-27 13:24:58

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

2020-01-15 15:29:54

The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569

2020-04-30 09:04:13

symantec

Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020

2020-05-12 19:02:01

hackerone

U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE

2020-05-14 19:38:44

trellix

Connected Healthcare: A Cybersecurity Battlefield We Must Win

2022-06-06 00:00:00

Connected Healthcare: A Cybersecurity Battlefield We Must Win

2022-06-06 00:00:00

ics

Philips Vue PACS (Update C)

2023-02-21 12:00:00

rocky

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - October 2020

2020-10-20 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.974 High

EPSS

Percentile

99.9%

JSON

Related for HUAWEI-SA-20200715-01-TOMACT