Exploit for #VU25502 Path traversal in Apache Tomcat
Vulnerability identifier: #VU25502
Vulnerability risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploits in database: 36
- February 22, 2023
- August 21, 2022
- August 15, 2021
- July 25, 2021
- CVE_2020_1938 () [Github]
- July 12, 2021
- April 28, 2021
- CVE-2020-1938 () [Github]
- April 1, 2021
- CVE-2020-1938-Tool (批量检测幽灵猫漏洞) [Github]
- March 30, 2021
- February 1, 2021
- December 3, 2020
- Ghostcat [Metasploit]
- July 20, 2020
- July 15, 2020
- June 3, 2020
- CNVD-2020-10487-Tomcat-Ajp-lfi-Scanner (Cnvd-2020-10487 / cve-2020-1938, scanner tool) [Github]
- GhostCat-LFI-exp (CVE-2020-1938) [Github]
- CVE-2020-1938 (This is about CVE-2020-1938) [Github]
- CVE-2020-1938-Tool (批量检测幽灵猫漏洞) [Github]
- CNVD-2020-10487 (CVE-2020-1938 / CNVD-2020-1048 Detection Tools) [Github]
- CVE-2020-1938TomcatAjpScanner (批量扫描TomcatAJP漏洞) [Github]
- CVE-2020-1938-Tomact-file_include-file_read (Tomcat的文件包含及文件读取漏洞利用POC) [Github]
- CVE-2020-1938 (在一定条件下可执行命令) [Github]
- CVE-2020-1938 () [Github]
- CVE-2020-1938 (CVE-2020-1938漏洞复现) [Github]
- May 12, 2020
- Ghostcat (CVE-2020-1938 exploit) [Github]
- April 7, 2020
- March 18, 2020
- CVE-2020-1938 () [Github]
- CNVD-2020-10487-Bulk-verification (CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核) [Github]
- CNVD-2020-10487-Tomcat-ajp-POC (CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc) [Github]
- CVE-2020-1938 (CVE-2020-1938) [Github]
- tomcat-cve-2020-1938-check () [Github]
- Ghostcat-CNVD-2020-10487 (Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938) ) [Github]
- CVE_2020_1938_ajp_poc (CVE_2020_1938_ajp_poc) [Github]
- ghostcat-verification (Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938)) [Github]
- Ghostcat-CVE-2020-1938 (Test Explo for Ghostcat CVE-2020-1938) [Github]
- CVE-2020-1938 () [Github]
- CVE-2020-1938-Clean-Version (CVE-2020-1938(GhostCat) clean and readable code version) [Github]
Impact: Code execution
Vulnerable software:
Apache Tomcat
Server applications /
Web servers
Vendor: Apache Foundation
