CVE-2010-4094

IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-4094. PoCs published by Metasploit, MC, jduck, including Metasploit module auxiliary/scanner/http/tomcat_mgr_login.

AI-analyzed exploit summary: This Metasploit module exploits Apache Tomcat's Manager Application Deployer to achieve authenticated remote code execution by uploading a malicious WAR file containing a JSP payload. It supports automatic target detection and cleanup after execution.

Description

The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/16317

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (versions with exposed manager application)
Auth required
Prerequisites: Valid credentials for Tomcat Manager · Exposed Tomcat Manager interface
devstral-2 · analyzed Feb 18, 2026

metasploit SCANNER
by MC · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/tomcat_mgr_login.rb

This Metasploit module attempts to brute-force login credentials for the Tomcat Application Manager by testing various default or weak credentials. It does not exploit a specific vulnerability but checks for weak authentication configurations.

Classification: Scanner (100%)
Attack type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat (various versions)
Auth required
Prerequisites: Access to Tomcat Manager interface · List of default/weak credentials
devstral-2 · analyzed Jun 05, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_upload.rb

This Metasploit module exploits Apache Tomcat's Manager application to upload and execute a malicious WAR archive containing a JSP payload. It authenticates with provided credentials, bypasses CSRF protection, and achieves remote code execution by deploying the payload.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (versions with exposed Manager application)
Auth required
Prerequisites: Valid Tomcat Manager credentials · Exposed /manager/html/upload endpoint · Network access to the target
devstral-2 · analyzed Apr 24, 2026

metasploit WORKING POC EXCELLENT
by jduck · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_deploy.rb

This Metasploit module exploits Apache Tomcat's Manager application to deploy a malicious WAR file containing a JSP payload, achieving remote code execution. It supports multiple platforms (Java, Windows, Linux) and includes functionality for automatic target detection and cleanup.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat (versions with exposed Manager application)
Auth required
Prerequisites: Valid credentials for Tomcat Manager · Exposed Tomcat Manager application
devstral-2 · analyzed Apr 24, 2026

References (7)

Core References (7)

Vendor Advisory · vdb-entry · x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2732
Third Party Advisory · x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-214/
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/44172
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_sectrack
http://securitytracker.com/id?1024601
Third Party Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/41784
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_osvdb
http://osvdb.org/69008

Scores

EPSS: 0.8416
EPSS Percentile: 99.3%

Details

CWE: CWE-255
Status: published
Products (2):
ibm/rational_quality_manager
ibm/rational_test_lab_manager
Published: Oct 26, 2010
Tracked since: Feb 18, 2026