CVE-2020-1938

Published: 24/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 684
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising.

In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible.

It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
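An added example, not part of the advisory or of Tomcat itself: a small Python audit that reads a `server.xml` and reports, for each active AJP `<Connector>`, whether the release is in the affected range, whether it listens beyond loopback, and whether it accepts connections without a shared secret. `address`, `secret`, `requiredSecret` and `secretRequired` are Tomcat's AJP Connector attributes; the function names, finding labels and sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# First release on each branch with the hardened AJP defaults (from the advisory).
FIXED_PATCH = {(7, 0): 100, (8, 5): 51, (9, 0): 31}
LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}


def has_hardened_defaults(version):
    """True if `version` is 9.0.31 / 8.5.51 / 7.0.100 or later on its branch."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if major >= 10:  # assumption: branches newer than 9.0 ship the hardened defaults
        return True
    floor = FIXED_PATCH.get((major, minor))
    return floor is not None and patch >= floor  # unknown branch: treat as unfixed


def audit_ajp(server_xml, version):
    """Return [(port, [finding, ...])] for every active AJP <Connector>."""
    hardened = has_hardened_defaults(version)
    report = []
    # Commented-out connectors are dropped by the XML parser, so a disabled
    # connector produces no entry at all.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        findings = []
        if not hardened:
            findings.append("affected-version")
        address = conn.get("address")
        # Affected releases listen on all addresses when none is set;
        # the fixed releases default to the loopback address.
        on_loopback = hardened if address is None else address in LOOPBACK
        if not on_loopback:
            findings.append("non-loopback-listener")
        # "requiredSecret" is the older name of the "secret" attribute.
        secret = conn.get("secret") or conn.get("requiredSecret")
        # Fixed releases refuse to start an AJP connector without a secret
        # unless secretRequired="false" is set explicitly.
        required = conn.get("secretRequired", "true" if hardened else "false")
        if not secret and required.lower() != "true":
            findings.append("no-secret")
        report.append((conn.get("port"), findings))
    return report


def _server(connector):
    """Wrap one connector line in a minimal, constructed server.xml."""
    return ('<Server port="8005"><Service name="Catalina">'
            '<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />'
            f'{connector}</Service></Server>')


# Constructed samples (not taken from any real deployment).
LEGACY_DEFAULT = _server('<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />')
WEAKENED = _server('<Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" '
                   'secretRequired="false" redirectPort="8443" />')
RESTRICTED = _server('<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" '
                     'secret="PLACEHOLDER-shared-secret" redirectPort="8443" />')
DISABLED = _server('<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->')

if __name__ == "__main__":
    for name, xml, version in [("legacy default", LEGACY_DEFAULT, "9.0.30"),
                               ("weakened after upgrade", WEAKENED, "9.0.31"),
                               ("restricted", RESTRICTED, "9.0.31"),
                               ("disabled", DISABLED, "9.0.30")]:
        print(f"{name} ({version}): {audit_ajp(xml, version)}")
```

An empty findings list for the legacy configuration on a fixed release does not mean the connector works unchanged: without a `secret` it will not start, which is one of the small configuration changes the advisory says upgraders should expect.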

Vulnerable Products

apache tomcat

apache geode 1.12.0

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

oracle transportation management 6.3.7

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle agile plm 9.3.3

oracle agile plm 9.3.5

oracle agile plm 9.3.6

oracle instantis enterprisetrack

oracle mysql enterprise monitor

oracle health sciences empirica signal 7.3.3

oracle communications instant messaging server 10.0.1.4.0

oracle communications element manager 8.2.0

oracle communications element manager 8.2.1

oracle communications element manager 8.1.1

oracle workload manager 18c

oracle workload manager 19c

oracle workload manager 12.2.0.1

oracle agile engineering data management 6.2.1.0

oracle siebel ui framework

oracle health sciences empirica inspections 1.0.1.2

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

blackberry good control

blackberry workspaces server 7.0.1

blackberry workspaces server 7.1.2

blackberry workspaces server 9.0

blackberry workspaces server 8.1.0

Vendor Advisories

Debian Bug report logs - #952436 tomcat7: CVE-2020-1938 AJP Request Injection and potential RCE. Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon). Reported by: Joost van Baal-Ilić <joostvb+debian-bugs@ ...
Debian Bug report logs - #952437 tomcat9: vulnerable for "ghostcat", CVE-2020-1938 / CNVD-2020-10487. Package: tomcat9; Maintainer for tomcat9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat9 is src:tomcat9 (PTS, buildd, popcon). Reported by: Joost van Baal-Ilić <joostvb+debian- ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u1. The ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian). For the oldstable distribution (stretch), these problems have been fixed in version 8.5.54-0+deb9u1. We recommend that you upgrade your tomcat8 packages ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Commo ...
Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as h ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.23 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat JBoss Web Server 5.3 release. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A C ...
Synopsis: Important: Red Hat JBoss Web Server 5.3 release. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this relea ...
Synopsis: Important: tomcat6 security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: Red Hat support for Spring Boot 2.1.13 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vuln ...
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Enc ...
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88 (CVE-2018-8034). The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Ap ...
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inva ...
Cosminexus Component Container contain the following vulnerabilities: CVE-2020-1935, CVE-2020-1938. Cosminexus Component Container - Redirector contain the following vulnerability: CVE-2020-1938. Affected products and versions are listed below. Please upgrade your version to the appropriate version. This vulnerability exists in Cosminexus C ...
A vulnerability (CVE-2020-1938) exists in JP1 and Hitachi IT Operations Director. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in JP1/Automatic Job Management System 3 - Web Operation Assistant: CVE-2018-0739, CVE-2018-1301, CVE-2019-1559, CVE-2019-1563, CVE-2020-1938. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

Github Repositories

Tomghost Notes on CTF Run from TryHackMe's attack box The developer of this box used a swear word as a username, so don't read this writeup if that bothers you I suppose 1010153220 is the target and 10108087 is the attackbox Recon nmap Starting Nmap 760 ( nmaporg ) at 2023-07-11 17:56 BST Nmap scan report for ip-10-10-153-220eu-west-1computeinte

CNVD-2020-10487 (CVE-2020-1938), Tomcat AJP file read vulnerability PoC

CNVD-2020-10487-Tomcat-Ajp-lfi-POC CNVD-2020-10487(CVE-2020-1938), tomcat ajp lfi poc. Note: poc.py only runs on Python 2.7, does not support Python 3+. Usage: pip install -r requirements.txt python poc.py -p 8009 -f "/WEB-INF/web.xml" 127.0.0.1

CVE-2020-1938 vulnerability reproduction

CVE-2020-1938 CVE-2020-1938 vulnerability reproduction. Exploit script: laolisafecom/thread-612-1-1html Environment: apache-tomcat-8.5.32, java, powershell. Exploit environment: python. Start Tomcat: sh /startupsh. Exploitation. The tool is for security research and internal self-checks only; using it to launch illegal attacks is prohibited, and the user is responsible for the consequences

cve-2020-1938 1. Read file: python3 tomcat.py URL -f /WEB-INF/web.xml example: python3 tomcat.py 127.0.0.1 -f /WEB-INF/web.xml -p 8090 2. Execute shell: add --rec 1. Reference: wwwt00lsnet/articles-55062html

CVE-2020-1938

GhostCat-LFI-exp CVE-2020-1938 Original exploit: github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi Only one place was modified; it can locally include (execute) any file under any project.

jboss-workshop

Workshop configuration and materials: JBoss deployment and monitoring. Environment: the environment was provisioned on AWS with EC2 instances. The installation was carried out with Terraform. Terraform project: github.com/alexandersimon/jboss-workshop-setup Instances: CentOS Linux 7 x86_64 HVM EBS ENA: ami-0e8286b71b81c3cc1 EC2 instance: t2.medium and t2.large Deploym

CVE-2020-1938 / CNVD-2020-1048 Detection Tools

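Notes: The tool is for security research and internal self-checks only; using it to launch illegal attacks is prohibited, and the user is responsible for the consequences. Batch detection tool for the Apache Tomcat file inclusion vulnerability (CVE-2020-1938 / CNVD-2020-1048). This project is a modification of Kit4y's project. Code changes: when iptxt contains only one domain or IP, threadCount becomes 1 and the program does not actually run; added

CNVD-2020-10487 or CVE-2020-1938 batch verification script: verifies in batch and takes screenshots automatically, for easy submission and review

CNVD-2020-10487 (CVE-2020-1938) batch verification script. A batch script based on @YDHCUI's PoC file; it runs in batch and can take screenshots automatically, for easy review. 1. Environment preparation: install the virtual environments with conda (look up how to install miniconda yourself). Because the PoC uses python2, create one python2 environment and one python3 environment. python2 (PoC runtime environment): conda create -n python2 python=python27

Awesome-Redteam [Disclaimer] The techniques, ideas and tools covered by this project are for learning only. No one may use them for illegal purposes or for profit, or for unauthorized penetration testing; otherwise they bear the consequences themselves, which have nothing to do with this project. Please read the laws and regulations before using this project. Quick navigation: common commands for offensive and defensive penetration testing; quick reference for important ports and services. Contents: Awesome-Redteam

Batch scanning for the Tomcat AJP vulnerability

CVE-2020-1938TomcatAjpScanner Batch scanning for the Tomcat AJP vulnerability. Vulnerability details: On 6 January 2020, the China National Vulnerability Database (CNVD) recorded the Apache Tomcat file inclusion vulnerability (CNVD-2020-10487, corresponding to CVE-2020-1938). By exploiting this vulnerability, an attacker can remotely read arbitrary files under specific directories without authorization. At present, the vulnerability details have not been made public, and the vendor has released a new version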

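A collection of vulnerability PoCs, organised on the pocsuite3 framework written by Knownsec 404 Team, for security testing.

Pocsuite3 A collection of vulnerability PoCs, organised on the pocsuite3 framework written by Knownsec 404 Team, for security testing. Pocsuite3 source code | Usage instructions | Development documentation | Vulnerability categories. Basic usage: Python 3.4+, works on Linux, Windows, Mac OSX, BSD pip install -r requirements.txt cd pocsuite3 python cli.py -r pocs/tomcat_ajp_cve_2020_1938_arbitrary_file_read.py -u $vulurl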

The source files of my completed TryHackMe challenges and walkthroughs with links to their respective rooms

What's inside? Well nmap scans, directory listings, thought process while going through the challenge, exploit codes et al NB: No direct flags, try harder! :-) About TryHackMe TryHackMe is an online platform for learning and teaching cybersecurity, which is beginner-friendly and versatile in different topics It consists of tons of rooms, which are virtual classrooms d

CVE-2020-1938 Detection Rules # CNVD-2020-10487 CVE-2020-1938 alert tcp any any -> any 8009 (msg:"CNVD-2020-10487 Ghostcat"; content:"javax|2e|servlet|2e|include|2e|request_uri"; content:"javax|2e|servlet|2e|include|2e|path_info"; content:"javax|2e|servlet|2e|include|2e|servlet_path"; reference:url,wwwanquankecom/post/id/199351;

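Penetration test of the machine provided by the instructor of the Penetration Testing and Ethical Hacking course unit

Maquina-NOASPEN Penetration test of the machine provided by the instructor of the Penetration Testing and Ethical Hacking course unit. Grade: 19.5. Enumeration. Service enumeration: nmap -A 192168573 As we can see from the nmap scan, it has

GUI exploitation tool for common Tomcat vulnerabilities: CVE-2017-12615 PUT file upload vulnerability, tomcat-pass-getshell WAR deployment via weak authentication, weak password brute forcing, CVE-2020-1938 Tomcat AJP file read/inclusion

AttackTomcat List of vulnerabilities checked: CVE-2017-12615 PUT file upload vulnerability; tomcat-pass-getshell WAR deployment via weak authentication; weak password brute forcing; CVE-2020-1938 Tomcat file read/inclusion. Usage: before first use, please reset the configuration file in the settings; for other problems, please read carefully!!! Start with java -jar *jar to view the runtime log information!! Download the source code and build it with maven, or directly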

Disables AJP connectors to remediate CVE-2020-1938!

ghostcatch Python to disable AJP connectors in Apache Tomcat to remediate CVE-2020-1938 (Ghostcat)! Currently written for: Python 2.7. Requires: pip install progress. Usage: python ghostCatch.py. -help is the flag for usage. Example: python ghostCatch.py -help. -path is the flag to specify path. Example: python ghostCatch.py -path /myPath To se

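Uses an arbitrary file download vulnerability to download and decompile class files in a loop to obtain a website's Java source code

ClassHound Uses an arbitrary file download vulnerability to automatically download and decompile class files in a loop to obtain a website's source code. Notes: 1. Bug reports and suggestions for improvement are welcome as issues. 2. Before running the program, install the Python modules in requirements.txt and configure the Java environment variables. 3. The program is for security research and authorized testing only; for anything caused by misuse or abuse of the program, the developers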

CVE_2020_1938 This project is for vulnerability practice using cve-2020-1938 Description CVE-2020-1938 is an Apache Tomcat vulnerability called Ghostcat Tomcat has an HTTP Connector that uses port 8080 and AJP Connector that uses port 8009 Http connector provides http web service and AJP is used for data exchange Therefore, the ajp connector is activated by default as port 8

Test Explo for Ghostcat CVE-2020-1938

Ghostcat-CVE-2020-1938 Test Explo for Ghostcat CVE-2020-1938

CVE-2020-1938 exploit

Ghostcat CVE-2020-1938 exploit

Some poc of cve

CVE-POC CNVD-2021-10543: information disclosure vulnerability in the MessageSolution Enterprise Email Archiving (EEA) system. CVE-2020-1938: Apache Tomcat file inclusion vulnerability

CVE-2020-1938(GhostCat) clean and readable code version

CVE-2020-1938-Clean-Version CVE-2020-1938(GhostCat) clean and readable code version Me

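Exploit PoC for the Tomcat file inclusion and file read vulnerabilities

CVE-2020-1938 (Tomcat-file_include and file_red) Exploit PoC for the Tomcat file inclusion and file read vulnerabilities. File read usage: python2 "Tomcat-ROOT路径下文件读取(CVE-2020-1938)py" -p 8009 -f /testtxt 127001 File inclusion usage: python2 "Tomcat-ROOT路径下文件包含(CVE-2020-1938)py" -p 8009 -f /testtxt 127001 Reproduction details: wwwsvenbe

wscan Wscan is a scanner focused on web security. It pays tribute to Nmap, which has been open source for 25 years. We also plan to keep updating Wscan over the next 25 years and to keep it open source. We welcome everyone interested in web security to join our development team. Our goal is to develop a tool that uses machine learning for penetration testing. Unlike other tools, our

Intro: AJPy aims to craft AJP requests in order to communicate with AJP connectors. Reference documentation: tomcat.apache.org/connectors-doc/ajp/ajpv13a.html Tools: At the moment, only one tool is provided for Tomcat with the following modules: version fingerprint $ python tomcat.py version 172.17.0.2 Apache Tomcat/8.0.35 authen

The road to learning Java security (from beginner to giving up)

Java Security. The road to learning Java security (from beginner to giving up). Java security starting from zero; I hope I can stick with it~ Blog: yq1ng.github.io/ CSDN (updated intermittently): blog.csdn.net/weixin_43578492 For convenience, the project source code and the tools used have been uploaded wherever possible. Learning path: Struts2 (partial, up to S002 for now); CVE-2020-1938 GhostCat, Tomcat AJP protocol, arbitrary file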

Scanner for CVE-2020-1938

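CVE-2020-1938 Scanner for CVE-2020-1938. Scanner? PoC? Call it whatever you like. Just run it in a Python environment and enter the IP address when prompted; it is best used once the Tomcat setup is complete. The scanner is a reworked script that adds input of multiple IP addresses and changes the method used to determine the Tomcat server version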

Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

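Ghostcat exp for CNVD-2020-10487 (CVE-2020-1938): file read and file execution caused by arbitrary attribute setting in the Tomcat AJP protocol. Vulnerability analysis. The code is for security testing only; do not use it for illegal purposes; the user is responsible for the consequences, which have nothing to do with me!!! python3 ajpShooter.py -h

Batch detection tool for Tomcat vulnerabilities

Tomcatscan Tomcat common vulnerability detection python3 Tomcatscan.py -u xxx -p xx // probes the specified port for vulnerabilities and weak passwords, and also checks port 8009 for the CVE-2020-1938 vulnerability python TomcatScan.py -H 19216811-1921682255 // checks ports 8080, 8081, 80, 443 and 8009 by default; for deeper probing, first collect Tomcat URLs with an information-gathering tool and save them to a file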

Modified version of auxiliary/admin/http/tomcat_ghostcat, it can Read any file

CVE-2020-1938-MSF-MODULE Modified version of auxiliary/admin/http/tomcat_ghostcat, Read any file. Overwrite the file (/metasploit-framework/modules/auxiliary/admin/http/tomcat_ghostcat.rb) and restart msfconsole to execute reload_all. Then you can use the module

Woodpecker framework Tomcat vulnerability library

Tomcat vulnerability library for the woodpecker framework. Vulnerability list: weak password brute forcing, CVE-2017-12615, CVE-2020-1938 AJP LFI

Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938)

Ghostcat verification (CVE-2020-1938). Summary: A new exploit called Ghostcat has been found, CVE-2020-1938; see the articles on snyk and tenable for details and analysis of the exploit itself. In my case, I wanted to verify which Tomcat servers are exploitable and if so how does it manifest itself. So this experiment is to check Tomcat 7, 8 and 9. Prerequisites: docker python git

Batch detection of the Ghostcat vulnerability

CVE-2020-1938-Tool First, thanks to hypn0s for AJPY (a Python library), a tool for constructing AJP protocol requests; this project builds on it to batch-detect sites with the Ghostcat vulnerability. Usage: it currently has two functions. usage: tomcatpy [-h] {read_file,scan_files} positional arguments: {read_file,scan_files} read_file Exploit CVE-2020-1938 scan_files scan

CVE-2020-1938 Suricata detection rules # CNVD-2020-10487 CVE-2020-1938 alert tcp any any -> any 8009 (msg:"CNVD-2020-10487 Ghostcat"; content:"javax|2e|servlet|2e|include|2e|request_uri"; content:"javax|2e|servlet|2e|include|2e|path_info"; content:"javax|2e|servlet|2e|include|2e|servlet_path"; reference:url,wwwanquankecom/post/id/19

-H 192.168.1.1-192.168.5.255

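CVE-2020-1938Scan python2 CVE-2020-1938Scan.py -p 8009 -f WEB-INF/web.xml -hf ips.txt python2 CVE-2020-1938Scan.py -p 8009 -f WEB-INF/web.xml -H 192.168.1.1-192.168.5.255 python2 CVE-2020-1938Scan.py -p 8009 -f WEB-INF/web.xml -i 192168358

Comprehensive collection of vulnerability remediation advice

Comprehensive collection of vulnerability remediation advice. For a long time I got by on an old Word document; then the company's intranet platform came along and I used that, but it had gone too long without updates and much of it no longer applied. On top of that I am lazy and did not even want to log in to the VPN, so I started this project. This project is continuously updated. [TOC] SQL injection: modify the software part of the web application service to add validation of the data submitted by clients, at a minimum strictly filtering SQL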

Write-up for TryHackMe Challenge. Updated version: https://wuvel.net/

TryHackMe Writeup TryHackMe is an online platform for learning and teaching cybersecurity, which is beginner-friendly and versatile in different topics Author : Wuvel :p Room(s) solved : Room Name Topics Difficulty Description Vulnversity recon, privesc, webappsec, video Easy Learn about active recon, web app attacks and privilege escalation Inclusion web, file incl

An implementation of CVE-2020-1938

This tool exploits an LFI vulnerability within Apache Tomcat named CVE-2020-1938 to not only view sensitive files, but also to run malicious JSP payloads It can be downloaded here (you will need to run it from the command line) Usage: ghostcat [target] [HTTP port] [AJP port] [file] [read/eval]

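Can execute commands under certain conditions

CVE-2020-1938-tomcat file download + file inclusion. Tomcat AJP protocol file read vulnerability. Original PoC source: github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC/blob/master/poc.py After modification it can include files, and under certain conditions it can execute commands

Added the -a parameter. CNVD-2020-10487-Tomcat-Ajp-lfi-POC Got the PoC from: github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC Found that the PoC can only access the ROOT directory and cannot cross applications, so I modified the PoC. CNVD-2020-10487(CVE-2020-1938), tomcat ajp lfi poc Usage: pip install -r requirements.txt python poc.py -p 8009 -f "/WEB-INF/web.xml" 127.0.0.1 -a applicationName Thanks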

TomGhost IP: 1010102122 PORTS: 22 53 8080 - tomcat - v9030 8009 - apache-jserv v13 AJP ghostcat CVE-2020-1938 githubcom/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat/blob/main/CVE-2020-1938py running CVE-2020-1938py - errors tried another ghostcat-POC, fixed it for python3 got creds: skyfuck:8730281lkjlkjdqlksalks got files credentialpgp tr

HypeJab is a deliberately vulnerable web application intended for benchmarking automated scanners.

HypeJab 💉 HypeJab serves as a purposeful target for evaluating the effectiveness of automated scanners, designed specifically to exploit its vulnerabilities This web application is intentionally crafted to highlight common security flaws found in online systems By offering a controlled environment for scanning tools to assess their accuracy and efficiency, HypeJab facilita

Recent Articles

June's Patch Tuesday reveals 23 ways to remotely pwn Windows – and over 100 more bugs that could ruin your day
The Register • Shaun Nichols in San Francisco • 09 Jun 2020

Microsoft, Intel, Adobe, SAP emit fixes in security synchronicity

Patch Tuesday Microsoft has given IT admins and folks another busy Patch Tuesday with 129 security vulnerabilities to address. The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. The massive bundle is not entirely unexpected, as security experts have suggested that vendors are still catching up on their patching and reporting routines. Of the 129 patches this month, 11 were rated by Microsoft as critical...
