September 25, 2020

CVE-2020-1938: Apache Tomcat AJP Connector Remote Code Execution Vulnerability Alert

Apache Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and WebSocket technologies. Tomcat provides a “pure Java” HTTP web server environment in which Java code can run. Recently, Apache Tomcat fixed a vulnerability (CVE-2020-1938) that allows an attacker to read any webapp files (such as webapp configuration files and source code) or to include a file, leading to remote code execution. A PoC has been published.

Most server hosting providers fixed this Apache Tomcat vulnerability earlier. However, you need to pick a fastest WordPress hosting company that always updates its Tomcat to the latest version, which gives better security against attacks and vulnerabilities.

Affected Version

  • Apache Tomcat 6
  • Apache Tomcat 7.x < 7.0.100
  • Apache Tomcat 8.x < 8.5.51
  • Apache Tomcat 9.x < 9.0.31

Unaffected version

  • Apache Tomcat 6 is no longer maintained. Please upgrade to the latest supported version of Tomcat to avoid the vulnerability.
  • Tomcat 7.0.100
  • Tomcat 8.5.51
  • Tomcat 9.0.31
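
To triage an inventory against the version lists above, the following added example (not part of the original alert) classifies Tomcat version banners by branch. The host names and inventory lines are constructed sample data, and the status labels are this example's own; versions are compared numerically because a string comparison would rank 8.5.9 above 8.5.51.

```python
import re

# First fixed release per branch, taken from the version lists in this alert.
FIXED = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}

# Constructed sample inventory: "<host> <version banner>" (hosts are made up).
SAMPLE_INVENTORY = """\
app01 Apache Tomcat/9.0.30
app02 Apache Tomcat/9.0.31
legacy01 Apache Tomcat/6.0.53
build03 Apache Tomcat/8.5.9
api02 Apache Tomcat/7.0.100
edge01 Apache Tomcat/8.0.53
new01 Apache Tomcat/10.0.0
proxy01 nginx/1.18.0
"""

VERSION_RE = re.compile(r"Tomcat/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return a CVE-2020-1938 status label for one version banner."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unknown"          # not a Tomcat banner, or no version present
    version = tuple(int(part) for part in m.groups())
    major = version[0]
    if major == 6:
        return "affected-eol"     # Tomcat 6 is unmaintained: upgrade, no fix
    fixed = FIXED.get(major)
    if fixed is None:
        return "not-listed"       # branch is not covered by this alert
    # Tuple comparison is numeric per component: (8, 5, 9) < (8, 5, 51).
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map each host in the inventory text to its status label."""
    results = {}
    for line in inventory.splitlines():
        if line.strip():
            host, _, banner = line.partition(" ")
            results[host] = classify(banner)
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `not-listed` or `unknown` need a manual check, since the alert makes no statement about them.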