Ghostcat (CVE-2020-1938)

On vulnerable Tomcat it's possible to download a file from a webapp using the AJP protocol. At the moment, it's not possible to read file from an other location (/etc/passwdfor instance) or execute code.

The tool AJPy has the exploitation code:

python tomcat.py read_file --webapp=manager /WEB-INF/web.xml 127.0.0.1