NOMISEC-YounesTasra-R4z3rSw0rd/CVE-2020-1938

NOMISEC WORKING POC
Exploit for CVE-2020-1938 - Apache Geode < 7.0.100 - Remote Code Execution
AI Analysis

This is a Python-based exploit for CVE-2020-1938 (Ghostcat), targeting Apache Tomcat AJP protocol. It implements AJP packet serialization/deserialization to craft malicious requests, enabling file read and potential RCE via file inclusion.

Attack Type
info_leak
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1005 - Data from Local System
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type infoleak
Files 2
Stars 3
Forks 0
Last Push Aug 21, 2022
Authors
YounesTasra-R4z3rSw0rd
Vulnerability
CVE-2020-1938
Apache Geode < 7.0.100 - Remote Code Execution
CRITICAL KEV
CVSS 9.8