CVE-2020-1938CISA KEV: Actively Exploited

Apache Tomcat Improper Privilege Management Vulnerability

Published Mar 3, 2022·Updated Mar 3, 2022

Description

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Public Exploits & PoCs38 found

PoC: CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner

Cnvd-2020-10487 / cve-2020-1938, scanner tool

262

PoC: Ghostcat-CNVD-2020-10487

Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

249

PoC: CNVD-2020-10487-Tomcat-ajp-POC

CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc

97

PoC: AttackTomcat

Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含

42

PoC: CVE-2020-1938-Tomact-file_include-file_read

Tomcat的文件包含及文件读取漏洞利用POC

37

PoC: CVE-2020-1938

CVE-2020-1938漏洞复现

35

PoC: GhostCat-LFI-exp

CVE-2020-1938

13

PoC: CVE-2020-1938TomcatAjpScanner

批量扫描TomcatAJP漏洞

12

PoC: CVE-2020-1938

在一定条件下可执行命令

9

PoC: CVE-2020-1938-Clean-Version

CVE-2020-1938(GhostCat) clean and readable code version

7

PoC: CNVD-2020-10487

CVE-2020-1938 / CNVD-2020-1048 Detection Tools

6

PoC: CVE-2020-1938-Tool

批量检测幽灵猫漏洞

4

PoC: CNVD-2020-10487-Bulk-verification

CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核

3

PoC: ghostcat-verification

Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938)

2

PoC: CVE-2020-1938Scan

-H 192.168.1.1-192.168.5.255

1

PoC: ghostcat

An implementation of CVE-2020-1938

1

PoC: CVE-2020-1938

Scanner for CVE-2020-1938

1

PoC: Ghostcat

CVE-2020-1938 exploit

1

PoC: Tomcat-AJP-CVE-2020-1938

Tomcat AJP文件读取/包含漏洞

PoC: ghostcat

CVE-2020-1938 Exploit

PoC: Ghostcat-Tomcat-AJP-Exploit-Py3

A fully refactored, Python 3 compatible exploit script for Tomcat Ghostcat (CVE-2020-1938 / CNVD-2020-10487) AJP Local File Inclusion

PoC: Scanning

Analysis of network scan results, service vulnerabilities, OS fingerprinting, and critical Nessus findings including Ghostcat (CVE-2020-1938).

PoC: CVE-2020-1938-Tomcat-AJP-Ghostcat--Analysis

CVE-2020-1938-Tomcat-AJP(Ghostcat)-Analysis

PoC: CVE-2020-1938

Apache Tomcat(CVE-2020-1938)漏洞验证脚本

PoC: CVE-2020-1938_Ghostcat-PoC

Apache Tomcat AJP Ghostcat (CVE-2020-1938) exploit tool for file disclosure with multi-target scanning, custom wordlists, and upload point detection capabilities

PoC: CNVD

Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

PoC: Apache-Tomcat-Ghostcat-Vulnerability

Apache Tomcat vulnerable to Ghostcat (CVE-2020-1938).

PoC: poc-CVE-2020-1938

poc-CVE-2020-1938

PoC: poc-CVE-2020-1938

cve-2020-1938 POC, updated version

PoC: CVE-2020-1938-Exploit

This is exploit of CVE-2020-1938 Ghostcat-Apache Tomcat Vulnerability

PoC: cve-2020-1938

cve-2020-1938 Tomcat-Ajp-lfi.git脚本

PoC: CVE-2020-1938

This is a modified version of the original GhostCat Exploit

PoC: CVE-2020-1938-MSF-MODULE

Modified version of auxiliary/admin/http/tomcat_ghostcat, it can Read any file

PoC: ghostcatch

Disables AJP connectors to remediate CVE-2020-1938!

PoC: CVE-2020-1938

This is about CVE-2020-1938

PoC: GhostCat-LFI-exp

CVE-2020-1938

PoC: Ghostcat-CVE-2020-1938

Test Explo for Ghostcat CVE-2020-1938

PoC: CVE-2020-1938

CVE-2020-1938

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free