NOMISEC-Just1ceP4rtn3r/CVE-2020-1938-Tool

NOMISEC WORKING POC

Exploit for CVE-2020-1938 - Apache Geode < 7.0.100 - Remote Code Execution

AI Analysis

This repository contains a Python-based tool for exploiting CVE-2020-1938 (Ghostcat), which allows arbitrary file reads via the AJP protocol in Apache Tomcat. The tool includes functionality for both single-target exploitation and batch scanning of multiple hosts.

Attack Type

info_leak

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1119 - Automated Collection T1082 - System Information Discovery

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 6

https://github.com/Just1ceP4rtn3r/CVE-2020-1938-Tool

Stars 3

Forks 2

Last Push Mar 20, 2020

Authors

Just1ceP4rtn3r

Vulnerability

CVE-2020-1938

Apache Geode < 7.0.100 - Remote Code Execution

CRITICAL KEV

CVSS 9.8