How to perform CVE-2020-9484 TomcatSession deserialization and reproduction 01/19 Update SLTechnology News&Howtos

How to perform CVE-2020-9484 TomcatSession deserialization and reproduction

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

This article is about how to carry out CVE-2020-9484 TomcatSession deserialization reproduction, Xiaobian thinks it is quite practical, so share it with you to learn, I hope you can gain something after reading this article, not much to say, follow Xiaobian to have a look.

Bug description:

On May 20, 2020, Apache officially issued a risk notification for Apache Tomcat remote code execution, with the vulnerability number CVE-2020-9484.

Vulnerability Impact Scope:

Apache Tomcat 10.0.0-M1-10.0.0-M4

Apache Tomcat 9.0.0.M1-9.0.34

Apache Tomcat 8.5.0-8.5.54

Apache Tomcat 7.0.0-7.0.103

Bug fixing method:

Upgrade tomcat version

Close session persistence

Vulnerability recurrence environment: Server:

CentOs7

tomcat9.30

jdk8

Attacker:

windows10

Tools:

Burp

yserial (java deserialization exploit)

Plugins:

groovy-2.3.9.jar (tomcat plug-in, yserial required)

Steps for bug recurrence:

Server installation centos7 installation tutorial connection

Install jdk8 installation tutorial connection

Install tomcat 9.30 download address

Server: Create a tomcat directory under/usr/local/, extract the files, command: tar -zxvf tomcat9.30 /usr/local/tomcat9/

Modify conf/context.xlm, as shown in the figure:

Download groovy-2.3.9.jar and place groovy-2.3.9.jar in/usr/local/tomcat/lib (plug-ins required for ysoserial to use Groovy1 command) Download

Run tomcat: /usr/local/tomcat/bin/catalina.sh start, as shown

Download ysoserial(a.jar package that generates java deserialized payload) Generate payload command: java -jar ysoserial-master-6eca5bc740-1.jar Groovy1 "touch /tmp/hacker" > /tmp/test.session. Download, as shown in Figure:

Attacker: attack by burp capture packet, add cookie field, as shown in the figure:

The server generates a directory, and the command execution is completed, as shown in the figure.

The above is how to carry out CVE-2020-9484 TomcatSession deserialization reproduction, Xiaobian believes that some knowledge points may be seen or used in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.