Detect Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys WAS
As previously reported, a severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, named “Ghostcat”, which is tracked using CVE-2020-1938 and rated critical severity with a CVSS v3 score of 9.8.
This blog post details how web application security teams can detect this vulnerability using Qualys Web Application Scanning (WAS). This new Qualys WAS detection complements the detection that uses Qualys VMDR®.