尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| - | Apache Tomcat | Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103 | - |
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484是session持久化的洞,这个是session集群同步的洞! | https://github.com/threedr3am/tomcat-cluster-session-sync-exp | POC详情 |
| 2 | None | https://github.com/masahiro331/CVE-2020-9484 | POC详情 |
| 3 | 利用ceye批量检测CVE-2020-9484 | https://github.com/seanachao/CVE-2020-9484 | POC详情 |
| 4 | 用Kali 2.0复现Apache Tomcat Session反序列化代码执行漏洞 | https://github.com/IdealDreamLast/CVE-2020-9484 | POC详情 |
| 5 | for Ubuntu 18.04, improve functions. | https://github.com/qerogram/CVE-2020-9484 | POC详情 |
| 6 | CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE | https://github.com/osamahamad/CVE-2020-9484-Mass-Scan | POC详情 |
| 7 | None | https://github.com/anjai94/CVE-2020-9484-exploit | POC详情 |
| 8 | None | https://github.com/PenTestical/CVE-2020-9484 | POC详情 |
| 9 | A smol bash script I threw together pretty quickly to scan for vulnerable versions of the Apache Tomcat RCE. I'll give it some love when I have the time. | https://github.com/DanQMoo/CVE-2020-9484-Scanner | POC详情 |
| 10 | None | https://github.com/AssassinUKG/CVE-2020-9484 | POC详情 |
| 11 | POC for CVE-2020-9484 | https://github.com/VICXOR/CVE-2020-9484 | POC详情 |
| 12 | None | https://github.com/DXY0411/CVE-2020-9484 | POC详情 |
| 13 | Apache Tomcat RCE (CVE-2020-9484) | https://github.com/RepublicR0K/CVE-2020-9484 | POC详情 |
| 14 | POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484) | https://github.com/ColdFusionX/CVE-2020-9484 | POC详情 |
| 15 | Exploit for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE | https://github.com/d3fudd/CVE-2020-9484_Exploit | POC详情 |
| 16 | small test to prevent sql injections attack. 🔒 CVE-2020-9484 | https://github.com/pxcs/webLogin-DEV | POC详情 |
| 17 | Remake of CVE-2020-9484 by Pentestical | https://github.com/0dayCTF/CVE-2020-9484 | POC详情 |
| 18 | Bash POC for CVE-2020-9484 that i used in tryhackme challenge | https://github.com/Disturbante/CVE-2020-9484 | POC详情 |
| 19 | Remake of CVE-2020-9484 by Pentestical | https://github.com/deathquote/CVE-2020-9484 | POC详情 |
| 20 | PoC exploit for CVE-2020-9484, and a vulnerable web application for its demonstration | https://github.com/savsch/PoC_CVE-2020-9484 | POC详情 |
| 21 | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-9484.yaml | POC详情 |
未找到公开 POC。
登录以生成 AI POC暂无评论