This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AJP_LFI_GHOSTCAT.NBINApache Tomcat AJP Connector Request Injection (Ghostcat)
A file read/inclusion vulnerability was found in AJP connector. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and gain remote code execution (RCE).
Binary data ajp_lfi_ghostcat.nbinReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
www.nessus.org/u?2a01d6bf
www.nessus.org/u?3b5af27e
www.nessus.org/u?4e287adb
www.nessus.org/u?5eafcf70
www.nessus.org/u?8ebe6246
www.nessus.org/u?9dab109f
www.nessus.org/u?cbc3d54e
www.nessus.org/u?dd218234
www.nessus.org/u?dd772531
access.redhat.com/security/cve/CVE-2020-1745
access.redhat.com/solutions/4851251