CVE-2020-1938 - Vulnerability Details

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.94469.

Exploitation active

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache

Apache Tomcat

affected

Version	Status	Constraints
`Apache Tomcat 9.0.0.M1 to 9.0.0.30`	affected	—
`8.5.0 to 8.5.50`	affected	—
`7.0.0 to 7.0.99`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:geode:1.12.0:::::::*
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*
	cpe:2.3:o:fedoraproject:fedora:32:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.3:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:::::::*
	cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2:::::::*
	cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:siebel_ui_framework::::::::
	cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*
	cpe:2.3:a:oracle:workload_manager:12.2.0.1:::::::*
	cpe:2.3:a:oracle:workload_manager:18c:::::::*
	cpe:2.3:a:oracle:workload_manager:19c:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 5 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 6 [-]

OR	cpe:2.3:a:blackberry:good_control::::::::
	cpe:2.3:a:blackberry:workspaces_server:7.0.1:::::::*
	cpe:2.3:a:blackberry:workspaces_server:7.1.2:::::::*
	cpe:2.3:a:blackberry:workspaces_server:8.1.0:::::::*
	cpe:2.3:a:blackberry:workspaces_server:9.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:oncommand_system_manager::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-114.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2020:0912	2020-03-23T00:00:00Z
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-11.el7_7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:0855	2020-03-17T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
tomcat-0:7.0.76-10.el7_6	cpe:/o:redhat:rhel_eus:7.6	RHSA-2020:2840	2020-07-07T00:00:00Z
Red Hat Enterprise Linux 8
pki-core:10.6-8030020200911215836.5ff1562f	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
pki-deps:10.6-8030020200527165326.30b713e6	cpe:/a:redhat:enterprise_linux:8	RHSA-2020:4847	2020-11-04T00:00:00Z
Red Hat Fuse 7.9
tomcat	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:3140	2021-08-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
jbossweb	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2020:1479	2020-04-14T00:00:00Z
jbossweb	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2020:2783	2020-07-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:1478	2020-04-14T00:00:00Z
glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2020:2781	2020-07-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:1478	2020-04-14T00:00:00Z
glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2020:2779	2020-07-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
jbossweb-0:7.5.30-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:1478	2020-04-14T00:00:00Z
glassfish-jsf12-eap6-0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
hornetq-0:2.3.25-29.SP31_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
ironjacamar-eap6-0:1.0.44-1.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbosgi-repository-0:2.1.0-3.Final_redhat_3.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-appclient-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-appclient-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-bundles-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-cli-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-client-all-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-clustering-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-cmp-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-connector-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-controller-client-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-core-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-core-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-deployment-repository-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-deployment-scanner-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-domain-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-domain-http-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-domain-management-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-ee-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-ee-deployment-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-ejb3-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-embedded-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-host-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jacorb-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-javadocs-0:7.5.23-2.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jaxr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jaxrs-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jdr-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jpa-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jsf-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-jsr77-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-logging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-mail-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-management-client-content-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-messaging-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-modcluster-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-modules-eap-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-naming-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-network-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-osgi-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-osgi-service-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-picketlink-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-platform-mbean-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-pojo-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-process-controller-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-product-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-protocol-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-remoting-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-sar-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-security-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-server-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-standalone-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-system-jmx-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-threads-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-transactions-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-version-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-web-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-webservices-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossas-welcome-content-eap-0:7.5.23-4.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-weld-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-as-xts-0:7.5.23-3.Final_redhat_00002.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jboss-remoting3-jmx-0:1.1.4-2.Final_redhat_00001.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
jbossweb-0:7.5.31-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
weld-core-0:1.1.34-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2020:2780	2020-07-01T00:00:00Z
Red Hat JBoss Web Server 3.1
ajp	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2020:0860	2020-03-17T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
tomcat7-0:7.0.70-38.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2020:0861	2020-03-17T00:00:00Z
tomcat8-0:8.0.36-42.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2020:0861	2020-03-17T00:00:00Z
tomcat-native-0:1.2.23-21.redhat_21.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2020:0861	2020-03-17T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
tomcat7-0:7.0.70-38.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2020:0861	2020-03-17T00:00:00Z
tomcat8-0:8.0.36-42.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2020:0861	2020-03-17T00:00:00Z
tomcat-native-0:1.2.23-21.redhat_21.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2020:0861	2020-03-17T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 6
jws5-tomcat-0:9.0.30-3.redhat_4.1.el6jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6	RHSA-2020:1520	2020-04-21T00:00:00Z
jws5-tomcat-native-0:1.2.23-4.redhat_4.el6jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el6	RHSA-2020:1520	2020-04-21T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 7
jws5-tomcat-0:9.0.30-3.redhat_4.1.el7jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7	RHSA-2020:1520	2020-04-21T00:00:00Z
jws5-tomcat-native-0:1.2.23-4.redhat_4.el7jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el7	RHSA-2020:1520	2020-04-21T00:00:00Z
Red Hat JBoss Web Server 5.3 on RHEL 8
jws5-tomcat-0:9.0.30-3.redhat_4.1.el8jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8	RHSA-2020:1520	2020-04-21T00:00:00Z
jws5-tomcat-native-0:1.2.23-4.redhat_4.el8jws	cpe:/a:redhat:jboss_enterprise_web_server:5.3::el8	RHSA-2020:1520	2020-04-21T00:00:00Z
Red Hat JBoss Web Server (JWS) 5.3
ajp	cpe:/a:redhat:jboss_enterprise_web_server:5.3	RHSA-2020:1521	2020-04-21T00:00:00Z
Red Hat Runtimes Spring Boot 2.1.13
tomcat	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2020:2367	2020-06-04T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Apache Subscribe	Geode Subscribe Tomcat Subscribe
Blackberry Subscribe	Good Control Subscribe Workspaces Server Subscribe
Debian Subscribe	Debian Linux Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Netapp Subscribe	Data Availability Services Subscribe Oncommand System Manager Subscribe
Opensuse Subscribe	Leap Subscribe
Oracle Subscribe	Agile Engineering Data Management Subscribe Agile Plm Subscribe Communications Element Manager Subscribe Communications Instant Messaging Server Subscribe Health Sciences Empirica Inspections Subscribe Health Sciences Empirica Signal Subscribe Hospitality Guest Access Subscribe Instantis Enterprisetrack Subscribe Mysql Enterprise Monitor Subscribe Siebel Ui Framework Subscribe Transportation Management Subscribe Workload Manager Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Web Server Subscribe Jboss Fuse Subscribe Openshift Application Runtimes Subscribe Rhel Eus Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-2133-1	tomcat7 security update
Debian DLA	DLA-2209-1	tomcat8 security update
Debian DSA	DSA-4673-1	tomcat8 security update
Debian DSA	DSA-4680-1	tomcat9 security update
Github GHSA	GHSA-c9hw-wf7x-jp9j	Improper Privilege Management in Tomcat

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
http://support.blackberry.com/kb/articleDetail?articleNumber=000062739
https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E
https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/
https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
https://nvd.nist.gov/vuln/detail/CVE-2020-1938
https://security.gentoo.org/glsa/202003-43
https://security.netapp.com/advisory/ntap-20200226-0002/
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938
https://www.cnvd.org.cn/webinfo/show/5415
https://www.cve.org/CVERecord?id=CVE-2020-1938
https://www.debian.org/security/2020/dsa-4673
https://www.debian.org/security/2020/dsa-4680
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487

History

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938

Thu, 06 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-02-24T21:19:18.000Z

Updated: 2025-10-21T23:35:50.835Z

Reserved: 2019-12-02T00:00:00.000Z

Link: CVE-2020-1938

Vulnrichment

Updated: 2024-08-04T06:54:00.412Z

NVD

Status : Analyzed

Published: 2020-02-24T22:15:12.057

Modified: 2025-10-27T17:37:12.387

Link: CVE-2020-1938

Redhat

Severity : Important

Publid Date: 2020-02-20T00:00:00Z

Links: CVE-2020-1938 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation active

Automatable yes

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object