[Git][security-tracker-team/security-tracker][master] Tomcat CVE-2020-1938

[Thijs Kinkhorst]

Thijs Kinkhorst pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29ad6a61 by Thijs Kinkhorst at 2020-02-24T16:03:57+01:00
Tomcat CVE-2020-1938

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18109,8 +18109,14 @@ CVE-2020-1940 (The optional initial password change and password expiration feat
 	NOT-FOR-US: Apache Jackrabbit Oak
 CVE-2020-1939
 	RESERVED
-CVE-2020-1938
+CVE-2020-1938 [Tomcat AJP local file inclusion "ghostcat"]
 	RESERVED
+	- tomcat9 <unfixed> (bug #952437)
+	- tomcat8 <removed>
+	- tomcat7 <removed>
+	NOTE: AJP disabled in Debian in default configuration since 2008
+	NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100
+	NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
 CVE-2020-1937
 	RESERVED
 	NOT-FOR-US: Apache Kylin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29ad6a617c730096121a9eb52f480d6cb3109639

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29ad6a617c730096121a9eb52f480d6cb3109639
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200224/4347d02c/attachment.html>