CVE-2010-0557

IBM Cognos Express 9.0 - Unauthenticated Denial of Service via Hardcoded Credentials

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-0557. PoCs were published by MC and jduck, including the Metasploit module auxiliary/scanner/http/tomcat_mgr_login.

AI-analyzed exploit summary: This Metasploit module attempts to brute-force login credentials for the Tomcat Application Manager by testing default or provided usernames and passwords. It checks for HTTP 401 responses and validates successful logins.

Description

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.

Exploits (4)

metasploit · SCANNER
by MC · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/tomcat_mgr_login.rb

This Metasploit module attempts to brute-force login credentials for the Tomcat Application Manager by testing default or provided usernames and passwords. It checks for HTTP 401 responses and validates successful logins.

Classification: Scanner (100%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat (multiple versions)
Auth required
Prerequisites: Access to Tomcat Manager interface · Valid or default credentials
devstral-2 · analyzed Jun 05, 2026
metasploit · WORKING POC · EXCELLENT
ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_upload.rb

This Metasploit module exploits Apache Tomcat's Manager application to upload and execute a malicious WAR archive, leveraging authenticated access to achieve remote code execution. It handles CSRF tokens, session management, and payload deployment/cleanup.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (with exposed Manager application)
Auth required
Prerequisites: Valid credentials for Tomcat Manager · Exposed /manager/html/upload endpoint
devstral-2 · analyzed Apr 24, 2026
metasploit · WORKING POC · EXCELLENT
by jduck · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_deploy.rb

This Metasploit module exploits Apache Tomcat's Manager application to deploy a malicious WAR archive containing a JSP payload, achieving authenticated remote code execution. It supports multiple platforms (Java, Windows, Linux) and includes functionality for automatic target detection and cleanup.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (with exposed Manager application)
Auth required
Prerequisites: Valid credentials for Tomcat Manager · Exposed Manager application (/manager)
devstral-2 · analyzed Apr 24, 2026
exploitdb · WORKING POC
ruby · remote · multiple
https://www.exploit-db.com/exploits/16317

This Metasploit module exploits Apache Tomcat's Manager application to deploy a malicious WAR archive containing a JSP payload, achieving authenticated remote code execution. It supports automatic target detection and payload generation for multiple platforms.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (with exposed Manager application)
Auth required
Prerequisites: Valid credentials for Tomcat Manager · Exposed Manager application (/manager)
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References (5)
Third Party Advisory, VDB Entry (OSVDB): http://www.osvdb.org/62118
Vendor Advisory (IBM, confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21419179
Vendor Advisory, VDB Entry (VUPEN): http://www.vupen.com/english/advisories/2010/0297
Vendor Advisory, Third-Party Advisory (Secunia): http://secunia.com/advisories/38457
Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/38084

Scores

EPSS: 0.7940
EPSS Percentile: 99.1%

Details

CWE: CWE-255
Status: published
Products (1): ibm/cognos_express 9.0
Published: Feb 05, 2010
Tracked Since: Feb 18, 2026