CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2020-1938: Apache Tomcat Improper Privilege Management Vulnerability

criticalknown exploitedpublic exploitCVE-2020-1938
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

CSIRTS triage

What
Improper privilege management in Apache Tomcat can be exploited through AJP connections.
Who is affected
Deployments of Apache Tomcat that expose AJP connections are vulnerable.
Urgency
Urgent remediation is necessary as the vulnerability is critical and actively exploited.
Action
Apply security patches or restrict access to AJP connections.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Tomcat

Get an email when a new Tomcat advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Known Exploited Vulnerabilities (US · database · site)
Severity
critical
Published
2022-03-03
Exploitation
Observed in the wild (CISA KEV)

Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2020-1938coverage & exploitation statusNVD · CVE.org

Recent advisories for Apache Tomcat Improper

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from CISA Known Exploited Vulnerabilities