Apache Tomcat Remote Code Execution Vulnerability(CVE-2020-9484)

Summary: Recently a new remote code execution vulnerability was disclosed for Apache Tomcat. Apache Tomcat is prone to by a Java deserialization vulnerability. However successful exploitation of this vulnerability requires the attacker to be able to upload an arbitrary file onto the server. This issue was assigned under CVE-2020-9484. Description: There are number of prerequisites … Continue reading “Apache Tomcat Remote Code Execution Vulnerability(CVE-2020-9484)”

Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)

Summary: Apache Tomcat has a vulnerability in the CGI Servlet which can be exploited to achieve remote code execution (RCE). Only Windows¬† is exploitable while running in a non-default configuration in conjunction with batch files. Description: conf/context.xml as well conf/web.xml enables CGI in tomcat. Common Gateway Interface (CGI) is a standard protocol allows passing of … Continue reading “Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)”