CVE-2020-1938
REPORTED VULNERABILITY
AJP Request Injection and potential Remote Code Execution vulnerability in Tomcat server.
REPORTED PRODUCTS
- WSO2 API Manager
- WSO2 Identity Server
- WSO2 Enterprise Integrator
- WSO2 Stream Processor
WSO2 JUSTIFICATION
This vulnerability affects Tomcat deployments where the AJP port is accessible to untrusted parties.
WSO2 products do not enable AJP, and using AJP with WSO2 products is not recommended. Therefore, this vulnerability cannot be exploited by connecting to WSO2 servers via AJP.
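To confirm on a given deployment that no AJP connector is active, the Tomcat connector configuration can be audited. The following is an added example, not WSO2 code: it assumes a Tomcat server.xml-style file, and the sample configuration and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Tomcat server.xml form; not taken from any WSO2 product.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!-- <Connector port="8011" protocol="AJP/1.3" /> -->
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" />
    <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="127.0.0.1" secret="constructed-placeholder" />
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def is_ajp(protocol):
    """True for 'AJP/1.3' and for the org.apache.coyote.ajp.* implementation classes."""
    p = (protocol or "").strip().lower()
    return p.startswith("ajp/") or p.startswith("org.apache.coyote.ajp.")

def audit_ajp(server_xml):
    """Return one finding per active AJP <Connector>; XML comments are dropped by the parser."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn.get("protocol")):
            continue
        address = conn.get("address")
        # A missing address is treated as exposed: the default bind differs between Tomcat versions.
        exposed = address is None or address not in LOOPBACK
        findings.append({
            "port": conn.get("port"),
            "address": address,
            # 'requiredSecret' is the older name of the 'secret' attribute.
            "has_secret": bool(conn.get("secret") or conn.get("requiredSecret")),
            "exposed": exposed,
        })
    return findings

if __name__ == "__main__":
    results = audit_ajp(SAMPLE_SERVER_XML)
    if not results:
        print("No active AJP connector found.")
    for f in results:
        print(f"AJP connector port={f['port']} address={f['address']} "
              f"secret_set={f['has_secret']} exposed={f['exposed']}")
```

An empty result matches the state described above, where AJP is not enabled; any finding with `exposed` true and no secret is the condition under which the port is reachable by untrusted parties.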