Lucene search
K

4 matches found

Gitee
Gitee
added 2021/05/08 5:29 p.m.6 views

Exploit for CVE-2020-1938

It is an exploit module/toolkit targeting Apache Tomcat. The primary CVE ID is CVE-2020-1938, also known as CNVD-2020-10487. The vulnerability class is Local File Inclusion LFI. The probable entry point is the poc.py script, which is typically invoked by running python poc.py with the required...

9.8CVSS7.3AI score0.9927EPSS
Exploits45
Github Security Blog
Github Security Blog
added 2020/06/15 6:51 p.m.337 views

Improper Privilege Management in Tomcat

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.3AI score0.9927EPSS
Exploits45References92Affected Software1
Vulnrichment
Vulnrichment
added 2020/04/21 7:1 p.m.39 views

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

7.7AI score0.03176EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:7 p.m.32 views

Security Bulletin: IBM InfoSphere Metadata Asset Manager is subject to a denial of service vulnerability from its use of Apache Tomcat (CVE-2014-0095)

Summary Apache Tomcat is vulnerable to a denial of service caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. Vulnerability Details CVE ID: CVE-2014-0095 CVSS: CVSS Base Score:...

5CVSS0.7AI score0.08494EPSS
Exploits0Affected Software1
Rows per page
Query Builder