There is a file inclusion vulnerability in the implementation of the AJP protocol in Apache Tomcat. Attackers can send malicious AJP requests to exploit this vulnerability. Successful exploit could cause the remote attacker read any file in a specified directory without authorization. (Vulnerability ID: HWPSIRT-2020-02140)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1938.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-tomact-en