漏洞描述
ApacheTomcat会开启AJP连接器,方便与其他Web服务器通过AJP协议进行交互。由于Tomcat本身也内含了HTTP服务器,因此也可以视作单独的Web服务器。此漏洞为文件包含漏洞,攻击者可利用该漏洞读取或包含Tomcat 上所有 webapp 目录下的任意文件。
Apache Tomcat Ajp webapp 任意文件读取漏洞(CVE-2020-1938)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-11759: Apache Tomcat JK Connect <=1.2.44 - Manager Access POC
2025-09-01 | Apache Tomcat JK ConnectThe Apache Web Server (httpd) specific code that normalised the requested path before matching it to... -
CVE-2020-1938: Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability POC
2025-09-01 | Apache TomcatWhen using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to... -
tomcat-detect: Apache Tomcat Detect POC
2025-09-01 | Apache TomcatAn Apache Tomcat Manager panel was discovered. app="APACHE-Tomcat" -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...