CVE-2020-1745 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-1745 PUBLISHED

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

EPSS 0.64% · 70.3th percentile

Risk Scores

EPSS Score

0.64%

70.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:25.10	undertow	0, 2.3.18-2, 2.3.18-1
Ubuntu:20.04:LTS	undertow	0, 2.0.23-1, 2.0.27-1
Ubuntu:24.04:LTS	undertow	2.3.8-2, 0
Ubuntu:18.04:LTS	undertow	1.4.23-2build1, 0, 1.4.20-1
Ubuntu:16.04:LTS	undertow	0, 1.3.16-1, 1.3.11-1

Timeline

Mar 31, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Mar 5, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-1745 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1807305 third-party-advisory
https://access.redhat.com/security/cve/CVE-2020-1938 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-1745 third-party-advisory

Open in Interactive Console →