![しゅーと on Twitter: "Tomcat vulnerability (CVE-2020-1938 / CNVD-2020-10487) is basically LFI, but in some cases, RCE. ajp13 can interpret text file as "JSP" . Example: if you store log file at WEBROOT, しゅーと on Twitter: "Tomcat vulnerability (CVE-2020-1938 / CNVD-2020-10487) is basically LFI, but in some cases, RCE. ajp13 can interpret text file as "JSP" . Example: if you store log file at WEBROOT,](https://pbs.twimg.com/media/ERUOBTrUEAA3S8M.png)
しゅーと on Twitter: "Tomcat vulnerability (CVE-2020-1938 / CNVD-2020-10487) is basically LFI, but in some cases, RCE. ajp13 can interpret text file as "JSP" . Example: if you store log file at WEBROOT,
CVE-2019-10072 (High) detected in tomcat-embed-core-8.5.40.jar · Issue #2 · gandrade/etag-for-scim-server · GitHub
![Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now! | Andrea Fortuna Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now! | Andrea Fortuna](https://andreafortuna.org/assets/2020/03/image-1.png)
Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now! | Andrea Fortuna
![JSP isn't executed by Tomcat when IP Address is used instead of 'localhost', showing Source Code - Stack Overflow JSP isn't executed by Tomcat when IP Address is used instead of 'localhost', showing Source Code - Stack Overflow](https://i.stack.imgur.com/V2Mhd.png)