CVE-2020-1938
Published at:
-
24-02-2020 11:15
Last modified:
-
29-04-2022 03:24
Total changes:
-
7
Description
Common Vulnerability Scoring System (CVSS)
LowAttack complexity
NetworkAttack vector
HighAvailability
HighConfidentiality
HighIntegrity
NonePrivileges required
Unchanged
Scope
NoneUser interaction
9.8
Base score
3.9
5.9
Exploitability score
Impact score
Verification logic
Reference
- [tomcat-announce] 20200224 [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution-Mailing List, Vendor Advisory
- [ofbiz-notifications] 20200225 [jira] [Updated] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Mailing List, Vendor Advisory
- [ofbiz-notifications] 20200225 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Mailing List, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20200226-0002/
- [ofbiz-commits] 20200227 [ofbiz-plugins] branch release17.12 updated: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) (OFBIZ-11407)-Mailing List, Patch, Vendor Advisory
- [ofbiz-notifications] 20200227 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Mailing List, Vendor Advisory
- [ofbiz-notifications] 20200228 [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Mailing List, Vendor Advisory
- [ofbiz-notifications] 20200228 [jira] [Comment Edited] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Mailing List, Vendor Advisory
- [tomcat-users] 20200301 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution-Mailing List, Vendor Advisory
- [tomcat-users] 20200302 Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution-Mailing List, Vendor Advisory
- [tomcat-users] 20200302 Re: AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution-Mailing List, Vendor Advisory
- [tomcat-users] 20200302 AW: [SECURITY] CVE-2020-1938 AJP Request Injection and potentialRemote Code Execution-Mailing List, Vendor Advisory
- [tomcat-users] 20200304 Re: Fix for CVE-2020-1938-Mailing List, Vendor Advisory
- [tomcat-dev] 20200304 Re: Tagging 10.0.x, 9.0.x, 8.5.x-Mailing List, Vendor Advisory
- [debian-lts-announce] 20200304 [SECURITY] [DLA 2133-1] tomcat7 security update-Mailing List, Third Party Advisory
- [tomcat-users] 20200305 Aw: Re: Fix for CVE-2020-1938-Mailing List, Vendor Advisory
- [tomcat-users] 20200305 Re: Aw: Re: Fix for CVE-2020-1938-Mailing List, Vendor Advisory
- [tomcat-dev] 20200309 [Bug 64206] Answer file not being used-Mailing List, Vendor Advisory
- [tomcat-users] 20200309 Re: Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check)-Mailing List, Vendor Advisory
- [tomcat-users] 20200310 Aw: Re: Re: Fix for CVE-2020-1938-Mailing List, Vendor Advisory
- [tomcat-users] 20200310 Re: Re: Re: Fix for CVE-2020-1938-Mailing List, Vendor Advisory
- [tomee-dev] 20200311 CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1-Mailing List, Vendor Advisory
- [tomee-dev] 20200311 Re: CVE-2020-1938 on Tomcat 9.0.30 / TomEE 8.0.1-Mailing List, Vendor Advisory
- openSUSE-SU-2020:0345-Mailing List, Third Party Advisory
- [tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1-Mailing List, Vendor Advisory
- [httpd-bugs] 20200319 [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat-Mailing List, Vendor Advisory
- GLSA-202003-43-Third Party Advisory
- [tomee-commits] 20200320 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.-Mailing List, Vendor Advisory
- [tomee-commits] 20200320 [jira] [Created] (TOMEE-2789) TomEE plus is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.-Mailing List, Vendor Advisory
- [tomee-commits] 20200323 [jira] [Commented] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.-Mailing List, Vendor Advisory
- FEDORA-2020-0e42878ba7-Mailing List, Third Party Advisory
- FEDORA-2020-c870aa8378-Mailing List, Third Party Advisory
- FEDORA-2020-04ac174fa9-Mailing List, Third Party Advisory
- [tomcat-users] 20200413 RE: Alternatives for AJP-Mailing List, Vendor Advisory
- http://support.blackberry.com/kb/articleDetail?articleNumber=000062739
- openSUSE-SU-2020:0597-Mailing List, Third Party Advisory
- DSA-4673-Third Party Advisory
- DSA-4680-Third Party Advisory
- [debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update-Mailing List, Third Party Advisory
- [tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.html xdocs/security-8.html xdocs/security-9.html-Mailing List, Patch, Vendor Advisory
- [ofbiz-notifications] 20200628 [jira] [Updated] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)-Mailing List, Vendor Advisory
- [ofbiz-notifications] 20200628 [jira] [Created] (OFBIZ-11847) CLONE - Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2020.html
- [tomee-users] 20200723 Re: TomEE on Docker-Mailing List, Vendor Advisory
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.html
- [tomee-commits] 20201127 [jira] [Updated] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.-Mailing List, Vendor Advisory
- [tomee-commits] 20201127 [jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.-Mailing List, Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2021.html
- [announce] 20210125 Apache Software Foundation Security Report: 2020-Mailing List, Vendor Advisory
- [announce] 20210223 Re: Apache Software Foundation Security Report: 2020-Mailing List, Vendor Advisory
Keywords