Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-03-02 Thread Mark Thomas
On 01/03/2020 23:34, Stefan Mayr wrote:
> On 24.02.2020 at 13:47, Mark Thomas wrote:
>> CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
>>
>> Severity: High
>>
>> ...
>> - returning arbitrary files from anywhere in the web application
>> including under the WEB-INF and ME

Re: [SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-03-01 Thread Stefan Mayr
On 24.02.2020 at 13:47, Mark Thomas wrote:
> CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
>
> Severity: High
>
> ...
> - returning arbitrary files from anywhere in the web application
> including under the WEB-INF and META-INF directories or any other
> location re

[SECURITY] CVE-2020-1938 AJP Request Injection and potential Remote Code Execution

2020-02-24 Thread Mark Thomas
CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
Severity: High
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.30
Apache Tomcat 8.5.0 to 8.5.50
Apache Tomcat 7.0.0 to 7.0.99
Description:
When using the Apache JServ Protocol (AJP),