Quickfire Cyber Bulletin June 5, 2026
← Back

CVE-2020-1938

Apache Tomcat Improper Privilege Management Vulnerability

High

Description

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Scores & Signals

EPSS score 0.9447 (100.0th percentile)
CISA KEV Yes — actively exploited (added 2022-03-03) · due 2022-03-17
Affected Apache Tomcat

Sources

External references

Risk scores are deterministic, based on public signals only. They are informational context, not a final verdict. Always consult vendor advisories before taking action.