CVE-2020-1745
- Source
- https://cve.org/CVERecord?id=CVE-2020-1745
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1745.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-1745
- Aliases
- Downstream
- Published
- 2020-04-28T15:15:13.037Z
- Modified
- 2026-04-11T20:33:34.897488Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
- References
-
- https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
- https://www.cnvd.org.cn/webinfo/show/5415
- https://security.netapp.com/advisory/ntap-20240216-0011/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
- https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
Affected packages
Git / github.com/undertow-io/undertow
Affected ranges
- Type
- GIT
- Repo
- https://github.com/undertow-io/undertow
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "source": "CPE_FIELD", "cpe": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "last_affected": "2.0.29" } ] }
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
1.0.0.Alpha16
1.0.0.Alpha17
1.0.0.Alpha18
1.0.0.Alpha19
1.0.0.Alpha2
1.0.0.Alpha20
1.0.0.Alpha21
1.0.0.Alpha22
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Beta1
1.0.0.Beta10
1.0.0.Beta11
1.0.0.Beta12
1.0.0.Beta13
1.0.0.Beta14
1.0.0.Beta15
1.0.0.Beta16
1.0.0.Beta17
1.0.0.Beta18
1.0.0.Beta19
1.0.0.Beta2
1.0.0.Beta20
1.0.0.Beta21
1.0.0.Beta22
1.0.0.Beta23
1.0.0.Beta24
1.0.0.Beta25
1.0.0.Beta26
1.0.0.Beta27
1.0.0.Beta28
1.0.0.Beta29
1.0.0.Beta3
1.0.0.Beta30
1.0.0.Beta31
1.0.0.Beta32
1.0.0.Beta33
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.Beta7
1.0.0.Beta8
1.0.0.Beta9
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.2.0.Beta1
1.2.0.Beta10
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.CR1
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.3.0.Beta1
1.3.0.Beta10
1.3.0.Beta11
1.3.0.Beta12
1.3.0.Beta13
1.3.0.Beta2
1.3.0.Beta3
1.3.0.Beta4
1.3.0.Beta5
1.3.0.Beta6
1.3.0.Beta7
1.3.0.Beta8
1.3.0.Beta9
1.3.0.CR1
1.3.0.CR2
1.3.0.CR3
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
2.*
2.0.0.Alpha1
2.0.0.Beta1
2.0.0.Final
2.0.1.Final
2.0.10.Final
2.0.11.Final
2.0.12.Final
2.0.13.Final
2.0.14.Final
2.0.15.Final
2.0.16.Final
2.0.17.Final
2.0.2.Final
2.0.20.Final
2.0.21.Final
2.0.22.Final
2.0.23.Final
2.0.24.Final
2.0.25.Final
2.0.26.Final
2.0.27.Final
2.0.28.Final
2.0.29.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.0.9.Final