4 matches found
Exploit for CVE-2020-1938
It is an exploit module/toolkit targeting Apache Tomcat. The primary CVE ID is CVE-2020-1938, also known as CNVD-2020-10487. The vulnerability class is Local File Inclusion LFI. The probable entry point is the poc.py script, which is typically invoked by running python poc.py with the required...
Improper Privilege Management in Tomcat
When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...
Security Bulletin: IBM InfoSphere Metadata Asset Manager is subject to a denial of service vulnerability from its use of Apache Tomcat (CVE-2014-0095)
Summary Apache Tomcat is vulnerable to a denial of service caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. Vulnerability Details CVE ID: CVE-2014-0095 CVSS: CVSS Base Score:...