CVE-2020-1938
Apache Tomcat Improper Privilege Management Vulnerability
CVSS
—
No CVSS
EPSS
99.3%
p100
KEV
YES
Mar 3, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.3%EPSS · 30 days99.3%
2026-06-302026-07-16
Product
Apache / Tomcat
Vulnerability
Apache Tomcat Improper Privilege Management Vulnerability
Added to KEV
Mar 3, 2022
Remediate by
Mar 17, 2022
Known ransomware use
No
Summary description
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1938
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2017-12617—100.0%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—CVE-2025-24813—100.0%
KEV—80Apache Tomcat Path Equivalence Vulnerability—CVE-2017-12615—99.9%
KEV—80Apache Tomcat on Windows Remote Code Execution Vulnerability—CVE-2016-8735—99.8%
KEV—80Apache Tomcat Remote Code Execution Vulnerability—