一、 漏洞 CVE-2020-1938 基础信息
漏洞信息
# N/A
N/A
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞涉及Apache Tomcat的AJP Connector,默认配置中监听所有IP地址,这使得攻击者能够利用AJP协议的高信任级别,执行如返回任意文件或以JSP形式处理文件等操作,进而可能实现远程代码执行。此问题需在网络服务端进行修复或配置更改以减少风险。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Apache Tomcat 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 7.0.100版本之前的7.*版本、8.5.51版本之前的8.*版本和9.0.31版本之前的9.*版本中的Tomcat AJP协议存在安全漏洞。攻击者可利用该漏洞读取或包含Tomcat上所有webapp目录下的任意文件,如 webapp 配置文件或源代码等。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2020-1938 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | None | https://github.com/xindongzhuaizhuai/CVE-2020-1938 | POC详情 |
| 2 | CVE-2020-1938 | https://github.com/sgdream/CVE-2020-1938 | POC详情 |
| 3 | CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc | https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC | POC详情 |
| 4 | Cnvd-2020-10487 / cve-2020-1938, scanner tool | https://github.com/bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner | POC详情 |
| 5 | CVE-2020-1938漏洞复现 | https://github.com/laolisafe/CVE-2020-1938 | POC详情 |
| 6 | None | https://github.com/h7hac9/CVE-2020-1938 | POC详情 |
| 7 | Tomcat的文件包含及文件读取漏洞利用POC | https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read | POC详情 |
| 8 | 在一定条件下可执行命令 | https://github.com/fairyming/CVE-2020-1938 | POC详情 |
| 9 | None | https://github.com/dacade/CVE-2020-1938 | POC详情 |
| 10 | 批量扫描TomcatAJP漏洞 | https://github.com/woaiqiukui/CVE-2020-1938TomcatAjpScanner | POC详情 |
| 11 | None | https://github.com/fatal0/tomcat-cve-2020-1938-check | POC详情 |
| 12 | CVE-2020-1938 | https://github.com/ze0r/GhostCat-LFI-exp | POC详情 |
| 13 | CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核 | https://github.com/delsadan/CNVD-2020-10487-Bulk-verification | POC详情 |
| 14 | Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938) | https://github.com/00theway/Ghostcat-CNVD-2020-10487 | POC详情 |
| 15 | Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938) | https://github.com/shaunmclernon/ghostcat-verification | POC详情 |
| 16 | Test Explo for Ghostcat CVE-2020-1938 | https://github.com/Zaziki1337/Ghostcat-CVE-2020-1938 | POC详情 |
| 17 | CVE-2020-1938(GhostCat) clean and readable code version | https://github.com/w4fz5uck5/CVE-2020-1938-Clean-Version | POC详情 |
| 18 | 批量检测幽灵猫漏洞 | https://github.com/Just1ceP4rtn3r/CVE-2020-1938-Tool | POC详情 |
| 19 | CVE-2020-1938 / CNVD-2020-1048 Detection Tools | https://github.com/doggycheng/CNVD-2020-10487 | POC详情 |
| 20 | This is about CVE-2020-1938 | https://github.com/I-Runtime-Error/CVE-2020-1938 | POC详情 |
| 21 | CVE-2020-1938 exploit | https://github.com/Umesh2807/Ghostcat | POC详情 |
| 22 | Disables AJP connectors to remediate CVE-2020-1938! | https://github.com/MateoSec/ghostcatch | POC详情 |
| 23 | Modified version of auxiliary/admin/http/tomcat_ghostcat, it can Read any file | https://github.com/acodervic/CVE-2020-1938-MSF-MODULE | POC详情 |
| 24 | None | https://github.com/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat | POC详情 |
| 25 | None | https://github.com/streghstreek/CVE-2020-1938 | POC详情 |
| 26 | Scanner for CVE-2020-1938 | https://github.com/Neko-chanQwQ/CVE-2020-1938 | POC详情 |
| 27 | An implementation of CVE-2020-1938 | https://github.com/jptr218/ghostcat | POC详情 |
| 28 | -H 192.168.1.1-192.168.5.255 | https://github.com/einzbernnn/CVE-2020-1938Scan | POC详情 |
| 29 | This is a modified version of the original GhostCat Exploit | https://github.com/YounesTasra-R4z3rSw0rd/CVE-2020-1938 | POC详情 |
| 30 | cve-2020-1938 Tomcat-Ajp-lfi.git脚本 | https://github.com/Warelock/cve-2020-1938 | POC详情 |
| 31 | CVE-2020-1938 | https://github.com/whatboxapp/GhostCat-LFI-exp | POC详情 |
| 32 | This is exploit of CVE-2020-1938 Ghostcat-Apache Tomcat Vulnerability | https://github.com/technicalcorp2/CVE-2020-1938-Exploit | POC详情 |
| 33 | cve-2020-1938 POC, updated version | https://github.com/s3nd3rjz/poc-CVE-2020-1938 | POC详情 |
| 34 | None | https://github.com/WHtig3r/CVE-2020-1938 | POC详情 |
| 35 | poc-CVE-2020-1938 | https://github.com/aib0litt/poc-CVE-2020-1938 | POC详情 |
| 36 | None | https://github.com/hopsypopsy8/CVE-2020-1938-Exploitation | POC详情 |
| 37 | Apache Tomcat vulnerable to Ghostcat (CVE-2020-1938). | https://github.com/erickrr-bd/Apache-Tomcat-Ghostcat-Vulnerability | POC详情 |
| 38 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2020/CVE-2020-1938.yaml | POC详情 |
| 39 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Tomcat%20AJP%20%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E%20CVE-2020-1938.md | POC详情 |
| 40 | https://github.com/vulhub/vulhub/blob/master/tomcat/CVE-2020-1938/README.md | POC详情 | |
| 41 | Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938) | https://github.com/Joshua8821/CNVD | POC详情 |
| 42 | Apache Tomcat AJP Ghostcat (CVE-2020-1938) exploit tool for file disclosure with multi-target scanning, custom wordlists, and upload point detection capabilities | https://github.com/abrewer251/CVE-2020-1938_Ghostcat-PoC | POC详情 |
| 43 | None | https://github.com/RedTeam-Rediron/CVE-2020-1938 | POC详情 |
三、漏洞 CVE-2020-1938 的情报信息
- https://security.netapp.com/advisory/ntap-20200226-0002/x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
- http://support.blackberry.com/kb/articleDetail?articleNumber=000062739x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
- https://www.debian.org/security/2020/dsa-4673vendor-advisoryx_refsource_DEBIAN
- https://www.debian.org/security/2020/dsa-4680vendor-advisoryx_refsource_DEBIAN
- https://security.gentoo.org/glsa/202003-43vendor-advisoryx_refsource_GENTOO
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.htmlvendor-advisoryx_refsource_SUSE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/vendor-advisoryx_refsource_FEDORA
- https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3Emailing-listx_refsource_MLIST
标题: Apache Software Foundation Security Report: 2020-Apache Mail Archives -- 🔗来源链接
标签:mailing-listx_refsource_MLIST
神龙速读:## 关键信息摘要 ### 漏洞统计 - **2020年总共收到18,000封邮件** - **经过垃圾邮件过滤和线程分组后,处理了946条非垃圾邮件线程(2019年为620条)** ### 漏洞报告分类 - **27%的线程是关于Apache许可证的误解** - **23%的线程是关于非安全问题的支持请求** - **10%的线程是关于Apache网站的误报** ### 新报告的漏洞 - **2020年共报告了376个新的漏洞(2019年为320个)** - **涉及101个顶级项目** ### 值得注意的事件 - **Apache Tomcat的CVE-2020-1938(Ghostcat)**:引起媒体关注,但仅影响未受保护的AJP连接器 - **Apache Struts2的CVE-2017-5638**:2017年披露的远程代码执行漏洞,2020年被利用 - **Apache Guacamole的CVE-2020-9497和CVE-2020-9498**:涉及RDP相关问题 - **Apache Struts的CVE-2019-0230**:可能导致任意代码执行 ### 时间线 - **分类:** 目标在三天内处理邮件 - **调查:** 尝试在90天内完成分类和调查 - 固定:依赖项目自身的发布时间表 ### 其他 - **2020年分配了151个CVE名称(2019年为122个)** - **ASF安全委员会与项目团队紧密合作,确保安全问题得到妥善处理**
- https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlmailing-listx_refsource_MLIST
- https://lists.debian.org/debian-lts-announce/2020/03/msg00006.htmlmailing-listx_refsource_MLIST
标题: [Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat-Apache Mail Archives -- 🔗来源链接
标签:mailing-listx_refsource_MLIST
![[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat-Apache Mail Archives](https://cvepdf.imfht.com:2443//ti_screenshot/2025-11-12/screenshot-viewport-2025-11-12T08-49-06.936Z-2f4c4b350ea29fafac0a.webp)
- https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
标题: [jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Apache Mail Archives -- 🔗来源链接
标签:mailing-listx_refsource_MLIST
神龙速读:### 关键信息 - **漏洞ID**: OFBIZ-11407 - **漏洞详情**: Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938) - **提交情况**: Commit 227ecf8023a13789a7ed739807e1d93ee7891e0c in ofbiz-plugins's branch refs/heads/release17.12 from Deepak Dixit - **相关链接**: - [https://issues.apache.org/jira/browse/OFBIZ-11407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046672#comment-17046672](https://issues.apache.org/jira/browse/OFBIZ-11407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17046672#comment-17046672) - [https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=227ecf8](https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=227ecf8) - **未更新的依赖**: tomcat-embed-websocket dependencies not updated (v8.3.4#803005)![[jira] [Commented] (OFBIZ-11407) Upgrade Tomcat from 9.0.29 to 9.0.31 (CVE-2020-1938)-Apache Mail Archives](https://cvepdf.imfht.com:2443//ti_screenshot/2025-11-10/screenshot-full-2025-11-10T10-23-32.758Z-0bc65df70f7f7d0a95bd.webp)
- https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3Emailing-listx_refsource_MLIST
- https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2020-1938
四、漏洞 CVE-2020-1938 的评论
暂无评论