CVE-2020-1938.

Discussion: A file read/inclusion vulnerability was found in AJP connector. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and gain remote code execution (RCE).

Recommended Remediation: Update the AJP configuration to require authorization and/or upgrade the Tomcat server to 7.0.100, 8.5.51, 9.0.31 or later.

VUF-15861972

Apache Tomcat AJP Connector Request Injection (Ghostcat)

VUF-15861967

Apache Tomcat AJP Connector Request Injection (Ghostcat)

Release : 12.1

Component : CA WORKLOAD AUTOMATION iDASH FOR CA 7