CVE-2020-1938: Apache Tomcat Improper Privilege Management Vulnerability.
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
- CISA KEV-listed (remediation due 2022-03-17)
- EPSS 94.5% (100.0% percentile)