Apache-Tomcat-Ajp Vulnerability (CVE-2020-1938) vulnerability reproduction and processing

Others 2020-02-22 11:10:47 views: null

Refer to the specific circumstances of vulnerability: http://blog.nsfocus.net/cve-2020-1938/

Reproduction Reference: https://github.com/0nise/CVE-2020-1938

Of particular note is that before tomcat, AJP is on by default! ! ! !

Local reproduce, version Tomcat 7.0.95:

1. server.xml configuration:

Start tomcat, cmd, execute the command:

You can read the file. Modify server.xml configuration:

Start tomcat, access the test again:

Prohibited visited. Description Our configuration worked.

http://blog.nsfocus.net/cve-2020-1938/ the link, said use TOMCAT 7

address="127.0.0.1" secret="xxxxx"

It should be wrong. After testing, Tomcat7 should use:

address="127.0.0.1" requiredSecret="xxxx"

Tested prevail! ! !

For insurance purposes, plus all the best:

address="127.0.0.1" secret="xxxxx" requiredSecret="xxxx"

Guess you like

Origin www.cnblogs.com/digdeep/p/12344434.html

Apache-Tomcat-Ajp Vulnerability (CVE-2020-1938) vulnerability reproduction and processing

CVE-2020-1938: Apache-Tomcat-Ajp vulnerability reproduction

CVE-2020-1938 Apache-Tomcat-Ajp vulnerability reproduction

CVE-2020-1938 Apache-Tomcat-Ajp (Ghost Cat) file contains the vulnerability reproduction

CVE-2020-1938 Apache-Tomcat-Ajp vulnerability reproduced and hardened

Reproduction of Tomcat arbitrary file reading vulnerability, ID: CVE-2020-1938

Tomcat AJP protocol file contains a vulnerability (CVE-2020-1938)

Aapache Tomcat AJP file contains Vulnerability (CVE-2020-1938)

tomcat AJP file contains vulnerability (CVE-2020-1938)

Tomcat file reading & file inclusion vulnerability (CVE-2020-1938)

Apache Tomcat JServ vulnerability verification test (CNVD-2020-10487 CVE-2020-1938)

Spring boot web project on Apache Tomcat files containing the rectification method Vulnerability (CVE-2020-1938) is

Tomcat vulnerability reproduction

[Vulnerability reproduction] Apache Solr RCE

Vulnerability reproduction - Tomcat arbitrary file upload vulnerability (CVE-2017-12615)

Apache Tomcat information disclosure vulnerability CVE-2023-28708 processing

CVE-2020-1938 Apache-Tomcat-Ajp file contains loopholes reproducibility

CVE-2018-4878 vulnerability reproduction

weblogic (CVE-2018-2628 vulnerability reproduction)

【Network security】CVE vulnerability analysis and reproduction

Reproduction and analysis of kubelet vulnerability CVE-2020-8559

Principle and reproduction of clickjacking vulnerability

Apache Log4j Server deserialization command execution vulnerability (CVE-2017-5645) (detailed vulnerability reproduction process)

tomcat AJP file contains vulnerability (CVE-2020-1938)

CVE-2020-1938 Apache Tomcat AJP File Inclusion Vulnerabilities

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2016-3088) reproduction

Recommended

微软回应中国区AI团队“打包赴美”传闻

Ranking

How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)

sudo echo command execution Permission denied

ADO: Using Transactions to Operate Oracle Database

[Java] [Class and Object] equals, hashCode, clone methods

Linux virtual host function

Порт управления rabbitmq открыт

on,where

jQuery WeUI

How can there be a weed pilot in Hangzhou?

tcp / ip model four

Daily

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)