I. CVE-2020-1938 Basic Information
Vulnerability information
Vulnerability title
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability description
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
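Source: US National Vulnerability Database (NVD)
CVSS information
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability title
Apache Tomcat security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Apache Tomcat is a lightweight web application server from the Apache Foundation (USA). The program implements support for Servlet and JavaServer Page (JSP). A security vulnerability exists in the Tomcat AJP protocol in Apache Tomcat 7.* versions before 7.0.100, 8.* versions before 8.5.51 and 9.* versions before 9.0.31. An attacker can exploit this vulnerability to read or include any file under all webapp directories on Tomcat, such as webapp configuration files or source code.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)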
II. Public PoCs for CVE-2020-1938
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | None | https://github.com/xindongzhuaizhuai/CVE-2020-1938 | PoC details |
| 2 | CVE-2020-1938 | https://github.com/sgdream/CVE-2020-1938 | PoC details |
| 3 | CNVD-2020-10487(CVE-2020-1938), tomcat ajp file read vulnerability poc | https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC | PoC details |
| 4 | Cnvd-2020-10487 / cve-2020-1938, scanner tool | https://github.com/bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner | PoC details |
| 5 | CVE-2020-1938 vulnerability reproduction | https://github.com/laolisafe/CVE-2020-1938 | PoC details |
| 6 | None | https://github.com/h7hac9/CVE-2020-1938 | PoC details |
| 7 | Tomcat file inclusion and file read vulnerability exploitation PoC | https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read | PoC details |
| 8 | Can execute commands under certain conditions | https://github.com/fairyming/CVE-2020-1938 | PoC details |
| 9 | None | https://github.com/dacade/CVE-2020-1938 | PoC details |
| 10 | Batch scanning for the Tomcat AJP vulnerability | https://github.com/woaiqiukui/CVE-2020-1938TomcatAjpScanner | PoC details |
| 11 | None | https://github.com/fatal0/tomcat-cve-2020-1938-check | PoC details |
| 12 | CVE-2020-1938 | https://github.com/ze0r/GhostCat-LFI-exp | PoC details |
| 13 | CNVD-2020-10487 OR CVE-2020-1938 batch verification script; verifies in bulk and takes screenshots automatically, for easy submission and review | https://github.com/delsadan/CNVD-2020-10487-Bulk-verification | PoC details |
| 14 | Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938) | https://github.com/00theway/Ghostcat-CNVD-2020-10487 | PoC details |
| 15 | Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938) | https://github.com/shaunmclernon/ghostcat-verification | PoC details |
| 16 | Test Explo for Ghostcat CVE-2020-1938 | https://github.com/Zaziki1337/Ghostcat-CVE-2020-1938 | PoC details |
| 17 | CVE-2020-1938(GhostCat) clean and readable code version | https://github.com/w4fz5uck5/CVE-2020-1938-Clean-Version | PoC details |
| 18 | Batch detection of the Ghostcat vulnerability | https://github.com/Just1ceP4rtn3r/CVE-2020-1938-Tool | PoC details |
| 19 | CVE-2020-1938 / CNVD-2020-1048 Detection Tools | https://github.com/doggycheng/CNVD-2020-10487 | PoC details |
| 20 | This is about CVE-2020-1938 | https://github.com/I-Runtime-Error/CVE-2020-1938 | PoC details |
| 21 | CVE-2020-1938 exploit | https://github.com/Umesh2807/Ghostcat | PoC details |
| 22 | Disables AJP connectors to remediate CVE-2020-1938! | https://github.com/MateoSec/ghostcatch | PoC details |
| 23 | Modified version of auxiliary/admin/http/tomcat_ghostcat, it can Read any file | https://github.com/acodervic/CVE-2020-1938-MSF-MODULE | PoC details |
| 24 | None | https://github.com/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat | PoC details |
| 25 | None | https://github.com/streghstreek/CVE-2020-1938 | PoC details |
| 26 | Scanner for CVE-2020-1938 | https://github.com/Neko-chanQwQ/CVE-2020-1938 | PoC details |
| 27 | An implementation of CVE-2020-1938 | https://github.com/jptr218/ghostcat | PoC details |
| 28 | -H 192.168.1.1-192.168.5.255 | https://github.com/einzbernnn/CVE-2020-1938Scan | PoC details |
| 29 | This is a modified version of the original GhostCat Exploit | https://github.com/YounesTasra-R4z3rSw0rd/CVE-2020-1938 | PoC details |
| 30 | cve-2020-1938 Tomcat-Ajp-lfi.git script | https://github.com/Warelock/cve-2020-1938 | PoC details |
| 31 | CVE-2020-1938 | https://github.com/whatboxapp/GhostCat-LFI-exp | PoC details |
| 32 | This is exploit of CVE-2020-1938 Ghostcat-Apache Tomcat Vulnerability | https://github.com/technicalcorp2/CVE-2020-1938-Exploit | PoC details |
| 33 | cve-2020-1938 POC, updated version | https://github.com/s3nd3rjz/poc-CVE-2020-1938 | PoC details |
| 34 | None | https://github.com/WHtig3r/CVE-2020-1938 | PoC details |
| 35 | poc-CVE-2020-1938 | https://github.com/aib0litt/poc-CVE-2020-1938 | PoC details |
| 36 | None | https://github.com/hopsypopsy8/CVE-2020-1938-Exploitation | PoC details |
| 37 | Apache Tomcat vulnerable to Ghostcat (CVE-2020-1938). | https://github.com/erickrr-bd/Apache-Tomcat-Ghostcat-Vulnerability | PoC details |
| 38 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-1938.yaml | PoC details |
| 39 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Tomcat%20AJP%20%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E%20CVE-2020-1938.md | PoC details |
| 40 | | https://github.com/vulhub/vulhub/blob/master/tomcat/CVE-2020-1938/README.md | PoC details |
III. Intelligence on CVE-2020-1938