CVE-2020-1938

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. Vendor/Product: Apache Tomcat. Added to CISA KEV 2022-03-03; required action: Apply updates per vendor instructions.