CVE-2020-1938.
Discussion: A file read/inclusion vulnerability was found in the AJP connector. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and gain remote code execution (RCE).
Recommended Remediation: Update the AJP configuration to require authorization and/or upgrade the Tomcat server to 7.0.100, 8.5.51, 9.0.31 or later.
VUF-15861972
Apache Tomcat AJP Connector Request Injection (Ghostcat)
VUF-15861967
Apache Tomcat AJP Connector Request Injection (Ghostcat)
Release: 12.1
Component: CA WORKLOAD AUTOMATION iDASH FOR CA 7
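
To check whether a Tomcat instance follows the "require authorization" part of the remediation above, the added example below (not part of the original article or of any vendor tooling) audits the AJP `<Connector>` entries of a `server.xml`. It assumes Tomcat's `secret`, `requiredSecret` and `address` connector attributes; the function name `audit_ajp` and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}

# Constructed sample server.xml; ports and the secret value are placeholders.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="false" />
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0"
               secretRequired="true" secret="PLACEHOLDER_SECRET" />
    <Connector port="8011" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="127.0.0.1" secretRequired="false" />
  </Service>
</Server>
"""


def audit_ajp(server_xml):
    """Map each AJP connector port to a status string."""
    results = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # protocol is "AJP/1.3" or an AJP protocol handler class name
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # "requiredSecret" is the older name of the "secret" attribute
        secret = conn.get("secret") or conn.get("requiredSecret")
        if secret:
            status = "ok"
        elif conn.get("address") in LOOPBACK:
            status = "unauthenticated, loopback only"
        else:
            # No address is treated as reachable: releases before the
            # fixed versions bind AJP to all interfaces by default.
            status = "unauthenticated, network-reachable"
        results[conn.get("port")] = status
    return results


if __name__ == "__main__":
    for port, status in audit_ajp(SAMPLE_SERVER_XML).items():
        print(port, status)
```

A connector reported as "unauthenticated, network-reachable" is the configuration the remediation targets: set a secret on it, bind it to loopback, or remove it if AJP is not used.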