CVE-2020-1745

ADVISORY - github

Summary

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

EPSS Score⁠: 0.02399 (0.845)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

5 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2020-1745⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-285⁠

CVSS SCORE

8.6high

GitHub

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDGHSA-gv2w-88hx-8m9r⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-285⁠

CVSS SCORE

8.6high

Debian

CREATED

5 years ago

UPDATED

17 days ago

ADVISORY IDCVE-2020-1745⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 years ago

UPDATED

22 days ago

ADVISORY IDCVE-2020-1745⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

GitLab

CREATED

5 years ago

UPDATED

4 years ago

ADVISORY ID

CVE-2020-1745

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-200⁠CWE-937⁠

CVSS SCORE

9.8critical

Red Hat

CREATED

5 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2020-1745⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-285⁠

CVSS SCORE

7.6high

CVE-2020-1745

Summary

Common Weakness Enumeration (CWE)

CWE-285⁠

CWE-285⁠

CWE-1035⁠

CWE-200⁠

CWE-937⁠

CWE-285⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Debian

Ubuntu

CVSS SCORE

GitLab

CVSS SCORE

Red Hat

CVSS SCORE