CVE-2020-9484
Description
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
Severity: HIGH
CVE ID: CVE-2020-9484
CVSS Score: 7.0
CVSS Metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2020-9484
Refrence: Project Discovery GitHub
threedr3am
tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务 器进行攻击。PS:这个不是CVE-2020-9484,9484是session持久化的洞,这个是session集群同步的洞!
Refrence: GitHub
masahiro331
Refrence: GitHub
seanachao
利用ceye批量检测CVE-2020-9484
Refrence: GitHub
IdealDreamLast
用Kali 2.0复现Apache Tomcat Session反序列化代码执行漏洞
Refrence: GitHub
qerogram
for Ubuntu 18.04, improve functions.
Refrence: GitHub
osamahamad
CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
Refrence: GitHub
anjai94
Refrence: GitHub
PenTestical
Refrence: GitHub
DanQMoo
A smol bash script I threw together pretty quickly to scan for vulnerable versions of the Apache Tomcat RCE. I'll give it some love when I have the time.
Refrence: GitHub
AssassinUKG
Refrence: GitHub
VICXOR
POC for CVE-2020-9484
Refrence: GitHub
DXY0411
Refrence: GitHub
RepublicR0K
Apache Tomcat RCE (CVE-2020-9484)
Refrence: GitHub
ColdFusionX
POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)
Refrence: GitHub
d3fudd
Exploit for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
Refrence: GitHub
Content on GitHub
HxDDD | watchers:3
CVE-PoC
CVE PoC
Refrence: GitHub