[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

AJP request injection vulnerability in Tomcat when using VirtualDirContext - CVE-2020-1938

ID: oval:org.secpod.oval:def:61624Date: (C)2020-03-02   (M)2024-02-19
Class: VULNERABILITYFamily: unix




The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows remote attackers to execute code.

Platform:
Debian 8.x
Debian 9.x
Debian 10.x
Product:
tomcat7
tomcat8
tomcat9
libservlet3.0-java
Reference:
CVE-2020-1938
CVE    1
CVE-2020-1938
CPE    7
cpe:/o:debian:debian_linux:10.x
cpe:/a:apache:libservlet3.0-java
cpe:/o:debian:debian_linux:8.x
cpe:/a:apache:tomcat9
...

© SecPod Technologies