CVE-2020-9484

This repository contains a functional exploit for CVE-2020-9484, targeting Apache Tomcat's session cluster synchronization feature. The exploit leverages deserialization vulnerabilities in unencrypted session synchronization to achieve remote code execution (RCE) on vulnerable Tomcat instances.

This repository contains a functional exploit for CVE-2020-9484, a path traversal vulnerability in Apache Tomcat. The exploit leverages a malicious JSESSIONID cookie to achieve remote code execution (RCE) by loading a malicious Groovy library.

This repository demonstrates a working exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. It includes steps to generate a payload using ysoserial and execute arbitrary commands via session manipulation.

This repository contains a functional exploit script for CVE-2020-9484, which leverages deserialization in Apache Tomcat 9.0.27 to achieve remote code execution. The script uses ysoserial to generate payloads and sends crafted requests to exploit the vulnerability.

This repository contains a bash script that scans a list of URLs for potential vulnerability to CVE-2020-9484, an Apache Tomcat deserialization flaw leading to RCE. It checks for HTTP 500 responses and the presence of 'java' in the response to identify vulnerable hosts.

This repository contains a functional Python exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. The exploit uses ysoserial to generate payloads for remote code execution via a reverse shell, targeting JDK 11 environments.

This repository contains a functional exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat that can lead to remote code execution (RCE). The exploit uses ysoserial to generate malicious payloads and leverages file upload via JSESSIONID cookie manipulation to achieve RCE.

This repository contains a functional exploit for CVE-2020-9484, an Apache Tomcat RCE vulnerability via deserialization. The script uses ysoserial to generate a malicious payload and leverages session manipulation to achieve remote code execution.

This repository contains a functional exploit for CVE-2020-9484, leveraging Apache Tomcat's session deserialization vulnerability to achieve remote code execution. The exploit uses ysoserial to generate a malicious payload and delivers it via a crafted session file upload.

This repository provides a functional exploit PoC for CVE-2020-9484, an Apache Tomcat deserialization vulnerability. It includes a Docker setup to replicate the vulnerable environment and a curl command to trigger the exploit, demonstrating file creation in the tmp directory.

This repository contains a functional exploit for CVE-2020-9484, an Apache Tomcat RCE vulnerability. The exploit manipulates the JSESSIONID cookie to trigger arbitrary file read/write operations, potentially leading to remote code execution.

The repository lacks actual exploit code and instead directs users to an external YouTube video, which is a common tactic for suspicious or deceptive repositories. No technical details or functional exploit code are provided.

This repository provides a detailed technical analysis of CVE-2020-9484, including root cause analysis, exploitation steps using ysoserial, and mitigation strategies. It explains how session deserialization in Apache Tomcat can lead to RCE under specific conditions.

This repository contains a functional exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. The exploit leverages yoserial to generate malicious session files, which are uploaded to a vulnerable server and executed via crafted JSESSIONID cookies.

This repository contains a functional exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. The exploit generates a malicious session file and leverages it to achieve remote code execution (RCE) on vulnerable Tomcat instances.

This repository contains a functional exploit for CVE-2020-9484, leveraging deserialization via ysoserial to achieve remote code execution (RCE) on a vulnerable Apache Tomcat server. The exploit uploads a malicious payload, triggers its execution via a crafted JSESSIONID cookie, and establishes a reverse shell.

This repository provides a functional exploit for CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. It includes a Dockerfile to set up a vulnerable environment and detailed steps to achieve remote code execution via session file uploads and manipulation.

This repository contains a functional exploit for CVE-2020-9484, demonstrating a deserialization vulnerability in Apache Tomcat. The PoC includes a Dockerized environment for testing, with scripts to register a user, upload a malicious file, and trigger the exploit via a crafted JSESSIONID cookie.

This repository contains a bash script that scans for CVE-2020-9484 by sending a crafted HTTP request with a malicious JSESSIONID cookie to a list of URLs. It checks for the presence of the vulnerability but does not exploit it for RCE.

This repository contains a Python script that automates the exploitation of CVE-2020-9484, a deserialization vulnerability in Apache Tomcat. It uses a Java-based exploit (tomcat-cluster-session-sync-exp) to trigger DNS lookups via ceye.io for vulnerability verification.