Reported Vulnerability
AJP Request Injection and potential Remote Code Execution vulnerability in Tomcat server.
Reported Products
WSO2 API Manager
WSO2 Identity Server
WSO2 Enterprise Integrator
WSO2 Stream Processor
WSO2 Clarification
This vulnerability affects Tomcat deployments where AJP port is accessible to untrusted parties.
WSO2 products do not enable AJP and it is not recommended to use AJP with WSO2 products. Therefore, there is no possibility to exploit this vulnerability by connecting to the WSO2 servers via AJP.
CVE References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
Overview
Content Tools
Activity