Identifier

CVE-2020-1938

Package Slug

maven/org.apache.tomcat/coyote

Vulnerability

Improper Input Validation

Description

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising.

Affected Versions

All versions starting from 7.0.0 up to 7.0.99, all versions starting from 8.5.0 up to 8.5.50, all versions starting from 9.0.0 up to 9.0.30

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-07-21

source