CVE-2020-1745 : A file inclusion vulnerability was found in the AJP connector enabled with a def

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

Published 2020-04-28 15:15:13

Updated 2024-02-16 13:15:09

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeBypassGain privilege

Products affected by CVE-2020-1745

Redhat » Undertow
Versions up to, including, (<=) 2.0.29
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-1745

Top countries where our scanners detected CVE-2020-1745

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-1745 5,811

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-1745!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-1745

EPSS FAQ

2.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-1745

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L	3.9	4.7	Red Hat, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L	3.9	4.7	Red Hat, Inc.	2024-02-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low

CWE ids for CVE-2020-1745

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: secalert@redhat.com (Secondary)

References for CVE-2020-1745

https://security.netapp.com/advisory/ntap-20240216-0011/

CVE-2020-1745 Undertow Vulnerability in NetApp Products | NetApp Product Security
https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (CNVD-2020-10487) - Blog | Tenable®
Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745

1807305 – (CVE-2020-1745) CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
Issue Tracking;Third Party Advisory
https://www.cnvd.org.cn/webinfo/show/5415

国家信息安全漏洞共享平台
Not Applicable
https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/

CVE-2020-1938: Apache Tomcat AJP Connector Remote Code Execution Vulnerability Alert • InfoTech News
Not Applicable