CVE-2020-1938: Improper Privilege Management in Apache Tomcat AJP Connector

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.99995%
Published: 6/15/2020
Updated: 7/25/2024
KEV Status: Yes
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.apache.tomcat.embed:tomcat-embed-core | maven | >= 9.0.0, < 9.0.31 | 9.0.31
org.apache.tomcat.embed:tomcat-embed-core | maven | >= 8.0.0, < 8.5.51 | 8.5.51
org.apache.tomcat.embed:tomcat-embed-core | maven | >= 7.0.0, < 7.0.100 | 7.0.100

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability exists in AJP request handling. The patches show only configuration changes (disabling the connector), but the CVE description and Tomcat's architecture indicate that the AjpProcessor class handles AJP message processing. The process() method handles the request flow, and prepareRequest() sets request attributes from AJP packets. These functions would appear in stack traces during exploitation, when Tomcat processes malicious AJP requests containing file inclusion attributes.

WAF Protection Rules

WAF Rule

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
