{"vulnerability": "CVE-2020-1938", "sightings": [{"uuid": "bbc7d778-b6d1-4fb1-aa89-fec608836931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/9058a762-f0d3-488f-ae31-be7a27aa95fb", "content": "", "creation_timestamp": "2020-10-09T14:01:51.000000Z"}, {"uuid": "395660bb-3bea-4f8b-8b2b-da3c4d7a0623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "959a5700-e446-4a23-a5ab-818d6dc2fc71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://www.exploit-db.com/exploits/49039", "content": "", "creation_timestamp": "2020-11-13T00:00:00.000000Z"}, {"uuid": "ad707191-5212-46f7-a1f0-4ffb0d1a02d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971356", "content": "", "creation_timestamp": "2024-12-24T20:28:06.485888Z"}, {"uuid": "781978bf-668d-4e46-8046-b8b832c5114e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "0e85b9b4-ddd3-4c27-9476-eac8aaa0f119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:26.000000Z"}, {"uuid": "f43bd574-1145-4537-8194-adc2e07b89d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/tomcat_ghostcat.rb", "content": "", "creation_timestamp": "2020-12-03T16:03:35.000000Z"}, {"uuid": "aacfa7f7-9090-457d-b699-f9579491e48e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:26.000000Z"}, {"uuid": "c19605a6-0af7-4964-adbe-9290bbfd0d06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://gist.github.com/kennyHH/df1dba0bcb435ccd76774b81dcef4ea5", "content": "", "creation_timestamp": "2025-10-26T11:04:27.000000Z"}, {"uuid": "1f4f9ae3-7569-470e-9645-a7db55da5986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "MISP/d0bda5d9-8cbc-4c6c-8803-a5e3150f9ec2", "content": "", "creation_timestamp": "2025-09-01T19:03:03.000000Z"}, {"uuid": "250cfd2b-9686-4915-8972-57c448b36d4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/vakava-haavoittuvuus-tomcat-sovellusalustassa-cve-2020-1938-ghostcat", "content": "", "creation_timestamp": "2020-03-04T11:14:10.000000Z"}, {"uuid": "adcb0adb-9785-4ad1-8ac6-35758e571179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/79258", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #\u6f0f\u6d1e #\u9a8c\u8bc1\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2020-1938\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a With-fate\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-07 13:57:18\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nApache Tomcat(CVE-2020-1938)\u6f0f\u6d1e\u9a8c\u8bc1\u811a\u672c\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-07T14:00:20.000000Z"}, {"uuid": "3bf39484-a28d-4f09-9808-1ec4a92355db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/04e71227-7785-4ca5-858e-b6d42845f8de", "content": "", "creation_timestamp": "2026-02-02T12:28:11.871724Z"}, {"uuid": "edde692b-eb26-43e7-9f55-8d4ea9ce6aa0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/BEGHvjeMZGgXWSA_Z9ohv0RebKFp9tt0rX98-HUWwygFBBw", "content": "", "creation_timestamp": "2025-12-12T03:00:11.000000Z"}, {"uuid": "4b4b3bbd-f5f1-48d5-8bb8-f1d969dd0647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/tomcat/ghostcat", "content": "", "creation_timestamp": "2021-02-05T21:43:47.000000Z"}, {"uuid": "e838d1e7-2ae9-4f2e-acba-c9a38941b867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8487", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1agetshell\n\u63cf\u8ff0\uff1a\u6700\u65b0tomcat\u81ea\u52a8\u5316\u6f0f\u6d1e\u626b\u63cf\u5229\u7528\u5de5\u5177\uff0c\u652f\u6301\u6279\u91cf\u5f31\u53e3\u4ee4\u68c0\u6d4b\u3001\u540e\u53f0\u90e8\u7f72war\u5305getshell\u3001CVE-2017-12615 \u6587\u4ef6\u4e0a\u4f20\u3001CVE-2020-1938/CNVD-2020-10487 \u6587\u4ef6\u5305\u542b\nURL\uff1ahttps://github.com/lizhianyuguangming/TomcatScanPro\n\n\u6807\u7b7e\uff1a#getshell", "creation_timestamp": "2024-09-09T02:26:19.000000Z"}, {"uuid": "4030b2fb-9f49-43c1-b959-4427bc49b86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/2VpkGdUNjYoarYnol6Z9IkHtEM3-uUmyArzNM6QRuvSvsgQ", "content": "", "creation_timestamp": "2025-09-18T09:00:04.000000Z"}, {"uuid": "ab8babf3-a9df-4044-9ea0-275742be1830", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/lujNQnic_-sUK-YsSuyah-XVcicWAgU2QlyzszHcqTMUzpI", "content": "", "creation_timestamp": "2026-04-08T07:00:13.000000Z"}, {"uuid": "4bde57a9-c544-4919-87d9-9c94ab5d1dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/Wl9CrQOxsQx4KE-BWCuSJcJWoX1uryv_sC7BNGTK9kDjsYQ", "content": "", "creation_timestamp": "2026-04-07T21:00:05.000000Z"}, {"uuid": "2fdf69c6-9119-415f-b1fb-3009dd61a9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/Mw0Ctk5qQ9M_cnnZZGiTkYGqKNeE1tbC3Cxhbxy9eIQ0t04", "content": "", "creation_timestamp": "2026-04-08T09:00:13.000000Z"}, {"uuid": "f2bc463e-d699-4738-99f6-9207dcd8fdf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2773", "content": "Ghostcat\nCVE-2020-1938\n\n\u0427\u0442\u0435\u043d\u0438\u0435 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u043e\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 tomcat ajp.\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438:\n \u0444\u0430\u0439\u043b\u0430\n\u0412\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430\n\u0421\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u0430\n\n#CVE #RCE", "creation_timestamp": "2023-03-23T13:07:40.000000Z"}, {"uuid": "3c0deaac-5fe7-477b-924a-c1d81e445a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://t.me/ctinow/21674", "content": "Apache Tomcat Exploit Poised to Pounce, Stealing Files Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. https://threatpost.com/apache-tomcat-exploit-stealing-files/154055/", "creation_timestamp": "2020-03-24T12:02:04.000000Z"}, {"uuid": "8861209a-801f-486c-b1b7-7952c0ced61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://t.me/arpsyndicate/1706", "content": "#ExploitObserverAlert\n\nCVE-2020-1938\n\nDESCRIPTION: Exploit Observer has 242 entries related to CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\n\nFIRST-EPSS: 0.974830000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-11T05:46:18.000000Z"}, {"uuid": "cc778c52-9dfc-4a21-9815-d55d27608434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/Teamx1945x/1044", "content": "\ud83d\udd30 \u0623\u0647\u0645 \u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641\u00a0 \u0645\u0639 POC\n\nCVE-2020-17530 |\u00a0 \u0623\u0628\u0627\u062a\u0634\u064a \u0627\u0644\u062f\u0639\u0627\u0645\u0627\u062a RCE\n\nhttps://youtu.be/MUAAwijvAe8\n\n\u0633\u0627\u0644\u062a\u0633\u062a\u0627\u0643 \u0622\u0631 \u0633\u064a \u0625\u064a |\u00a0 CVE-2020-16846\n\nhttps://youtu.be/5cV9wh2w-O8\n\n\u0623\u0628\u0627\u062a\u0634\u064a \u0623\u0648\u0646\u0648\u0645\u064a RCE |\u00a0 CVE-2020-13942\n\nhttps://youtu.be/iz6wjdGnpds\n\n\u0634\u0628\u062d \u0627\u0644\u0642\u0637 |\u00a0 CVE-2020-1938\n\nhttps://youtu.be/3TGIg1x4XwU\n\n\u0623\u0648\u0631\u0627\u0643\u0644 \u0648\u064a\u0628 \u0644\u0648\u062c\u064a\u0643 RCE |\u00a0 CVE-2020-14882\n\nhttps://youtu.be/t-sxvcZNFZo\n\n\u0623\u0628\u0627\u062a\u0634\u064a \u062a\u0648\u0645\u0643\u0627\u062a RCE |\u00a0 CVE-2020-9484\n\nhttps://youtu.be/nF8tfsY74ws\n\n\u0645\u0648\u062f\u0644 \u0622\u0631 \u0633\u064a \u0625\u064a |\u00a0 CVE-2020-14321\n\nhttps://youtu.be/BkEInFI4oIU\n\n\u0633\u064a\u0633\u0643\u0648 CVE-2020-3452 \u0635\n\nhttps://youtu.be/-UldKwwVgHE\n\n\u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c \u0627\u0644\u0645\u0633\u0627\u0639\u062f \u0644\u0642\u0627\u0639\u062f\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0648\u0631\u062f\u0628\u0631\u064a\u0633 |\u00a0 CVE-2020-7048\n\nhttps://youtu.be/nj_dqcvrwp4\n\nCVE-2020-5902 F5 \u0639\u0646\u0648\u0627\u0646 IP \u0643\u0628\u064a\u0631\n\nhttps://youtu.be/-ppzdYDk-ZM\n\n\u0645\u0642\u0627\u0637\u0639 \u0641\u064a\u062f\u064a\u0648 \u0623\u062e\u0631\u0649 \u062d\u0648\u0644 CVE PoC\n\nhttps://youtube.com/playlist?list=PLiVfOzljj-46iFcif16qMaPP84ZxCZ4Mb\n\n\u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0645\u062e\u062a\u0628\u0631 \u0645\u0643\u0627\u0641\u062d\u0629 \u0627\u0644\u062a\u0637\u0631\u0641 \u0627\u0644\u0639\u0646\u064a\u0641: https://www.vulnmachines.com", "creation_timestamp": "2024-03-29T18:27:13.000000Z"}, {"uuid": "e43a62d1-9fc2-4d4e-9fc9-4e917956ec9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://t.me/arpsyndicate/1025", "content": "#ExploitObserverAlert\n\nCVE-2020-1938\n\nDESCRIPTION: Exploit Observer has 241 entries related to CVE-2020-1938. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.\n\nFIRST-EPSS: 0.974830000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T20:46:45.000000Z"}, {"uuid": "62ce660e-4a57-4eea-a5dc-1ea3a3ac14aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/4121", "content": "#GitHub #Tools\n\nOsintIA_Tools.py is an automated tool for collecting and analyzing public information that combines OSINT techniques with artificial intelligence, providing detailed insights into cybersecurity, potential vulnerabilities, and best mitigation practices.\n\nhttps://github.com/andersonsevla/OsintIA_Tools\n\nGhostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)\n\nhttps://github.com/00theway/Ghostcat-CNVD-2020-10487\n\nInformation gathering framework for phone numbers\n\nhttps://github.com/sundowndev/phoneinfoga\n\n\ud83e\udd80 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust.\n\nhttps://github.com/joaoviictorti/RustRedOps\n\n\ud83d\udd73 bore is a simple CLI tool for making tunnels to localhost\n\nhttps://github.com/ekzhang/bore\n\n#Tools@dilagrafie", "creation_timestamp": "2025-01-26T04:18:59.000000Z"}, {"uuid": "cba2dee3-041f-455a-9b5e-c6d0f9bc780b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "Telegram/Et5iVFSCdUPdUHeaaqlJJet8Ug6v7OSAbBycvWTpNUP7fWw", "content": "", "creation_timestamp": "2025-02-24T22:00:05.000000Z"}, {"uuid": "c1a2547e-2627-47d6-a509-32696964fa7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://t.me/breachdetector/346846", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"CVE-2020-1938 Ghostcat G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Nedir ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"27 Sep 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-09-27T10:02:53.000000Z"}, {"uuid": "edaeac0b-bc72-45df-8c7e-f63707d5c688", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/812", "content": "TomGhost GhostCat (CVE-2020-1938) root privilege zip! | Bug Bounty\nhttps://youtu.be/Sc18-jsRb3Q", "creation_timestamp": "2022-07-08T22:40:48.000000Z"}, {"uuid": "c09a4e28-061d-4822-90c1-cefe26ee8474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://t.me/breachdetector/346867", "content": "{\n  \"Source\": \"https://www.turkhackteam.org/\",\n  \"Content\": \"What is CVE-2020-1938 Ghostcat Vulnerability ?\", \n  \"author\": \" ('BARBAROS)\",\n  \"Detection Date\": \"27 Sep 2023\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2023-09-27T10:29:22.000000Z"}, {"uuid": "1ff6bb4e-c622-4cf9-b207-aa51dc09429c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/705", "content": "#exploit                                                                                                                             CVE-2020-1938: \nGhostcat - Apache Tomcat (9.0.0.M1 - 9.0.0.30, 8.5.0 - 8.5.50, 7.0.0 - 7.0.99) Apache JServ Protocol File Read/Inclusion\nhttps://www.chaitin.cn/en/ghostcat#download\n]-&gt; Detection tool:\nhttps://github.com/chaitin/xray/releases\n]-&gt; PoCs:\nhttps://github.com/YDHCUI/CNVD-2020-10487-Tomcat-Ajp-lfi\nhttps://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC\nhttps://github.com/0nise/CVE-2020-1938\nhttps://github.com/xindongzhuaizhuai/CVE-2020-1938\nhttps://github.com/laolisafe/CVE-2020-1938\n]-&gt; YARA rule to detect:\nhttps://github.com/Neo23x0/signature-base/blob/master/yara/vul_cve_2020_1938.yar", "creation_timestamp": "2024-10-10T02:21:50.000000Z"}, {"uuid": "158c06a1-ddc3-42bd-a4a2-7d9a96c87579", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://t.me/cibsecurity/10689", "content": "\u274c Apache Tomcat Exploit Poised to Pounce, Stealing Files \u274c\n\nResearchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers.\n\n\ud83d\udcd6 Read\n\nvia \"Threatpost\".", "creation_timestamp": "2020-03-23T22:25:31.000000Z"}, {"uuid": "cdc7edc3-431a-4aab-8bca-a9c432910e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://t.me/information_security_channel/35632", "content": "Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks\nhttp://feedproxy.google.com/~r/Securityweek/~3/XIGjUZLWxSo/hackers-scanning-apache-tomcat-servers-vulnerable-ghostcat-attacks\n\nHackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat (https://www.securityweek.com/apache-tomcat-affected-serious-ghostcat-vulnerability).\nread more (https://www.securityweek.com/hackers-scanning-apache-tomcat-servers-vulnerable-ghostcat-attacks)", "creation_timestamp": "2020-03-05T13:47:37.000000Z"}, {"uuid": "23ce85ac-61a3-45b7-b4f2-c763b5c5fa6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "seen", "source": "https://t.me/information_security_channel/35509", "content": "RT @TheHackersNews: \ud83d\udc31 GhostCat ~ A new high risk 'file read/inclusion' vulnerability (CVE-2020-1938) affects all versions of 'Apache Tomcat\u2026", "creation_timestamp": "2020-03-01T09:32:53.000000Z"}, {"uuid": "59731dec-aa4d-45e9-915b-fa1c6879ccc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/618", "content": "\ud83d\udc31 GhostCat ~ A new high risk 'file read/inclusion' vulnerability (CVE-2020-1938) affects all versions of the 'Apache Tomcat' (9.x/8.x/7.x/6.x) released in the past 13 years.\n\nRead details: https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html\n\nWeb admins should patch it immediately, as several proof-of-concept (PoC) exploits have been posted online.", "creation_timestamp": "2020-02-28T19:26:21.000000Z"}, {"uuid": "ded434b2-0946-43af-8b8c-315d15627970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "exploited", "source": "https://t.me/SecLabNews/7011", "content": "\u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Bad Packets \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u043e\u0435 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0421\u0435\u0442\u0438 \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Apache Tomcat, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Ghostcat (CVE-2020-1938). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438.    \n\u041f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0421\u0435\u0442\u044c \u043d\u0430 \u043f\u0440\u0435\u0434\u043c\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Apache Tomcat", "creation_timestamp": "2020-03-03T17:01:44.000000Z"}, {"uuid": "408d0fae-3d14-4f1a-9674-f24df6f895e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2962", "content": "#Whitepaper\n\"Apache Ghostcat Exploitation\", 2020.\n// This whitepaper focuses on explaining the Apache Ghostcat vulnerability (CVE-2020-1938) and how it can be used to read file contents of all web applications deployed on Tomcat", "creation_timestamp": "2021-03-23T11:01:10.000000Z"}, {"uuid": "a8f336cc-8b23-4183-bbbc-eda68250447f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1938", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}]}