Remote code execution in Apache Tomcat 7.0

mdewinter 8 years ago |

Windows only, maybe the title can be changed.

bluetwo 8 years ago | |

I stopped reading when I got to 'Windows' as well.

ryanlol 8 years ago |

It's 2017 and scanning /0 for PUT still reliably gets a bunch of shells...

exikyut 8 years ago | |

OH, that's a _netmask_. It took me an entire day to figure that out. I thought /0 was a path :)

kevindqc 8 years ago | |

Why does that return a shell?

dogma1138 8 years ago | | |

Web shell via put, still quite common.

Just as common as dorking for common webshells with no or default passwords.

If you need a VPS fast googling for c99 is faster than spinning up something on AWS ;)

exikyut 8 years ago | | |

Would like to learn more about this.

Hmm... looks like this dropped from 20k to 700 while I wasn't looking, which I guess is a very good thing (these are DVRs!). But FWIW, for "JAWS/1.0 -2017 -2016" on shodan, then "/shell?whoami" returns "root". :)

bastijn 8 years ago |

> "National Vulnerability Database The NVD is currently offline for scheduled maintenance.

> Please check back again shortly. We apologize for the inconvenience.

> Please direct any questions to nvd@nist.gov. Thank you."

Perfect timing for hn Frontpage. Alt link: https://tomcat.apache.org/security-7.html

thephyber 8 years ago | |

Interestingly, I think NVD.nist.gov just changed their HTML-generating template since this HN URL was posted.

jlgaddis 8 years ago | | |

They did. The page looks much different now than it did earlier.

nwrk 8 years ago |

CC: Equifax