← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-1938 — Actively Exploited: Tomcat (Apache)

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

CVE IDCVE-2020-1938
VendorApache
ProductTomcat
Vulnerability nameApache Tomcat Improper Privilege Management Vulnerability
Date added2022-03-03
Remediation due2022-03-17
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionApache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →