Apache Tomcat DoS (CVE-2022-29885) Exploit.
Denial of Service in EncryptInterceptor (Tomcat Cluster).

The target machine needs to start the Cluster Nio Receiver.
Sending a special TCP packet will cause a Denial of Service to the target.
Whether EncryptInterceptor is used or not, there is the possibility of denial of service vulnerability with condition:
the Tomcat cluster function is enabled and use NioReceiver for communication.

Any version of Tomcat will be affected. The only solution is to use a trusted network.

Safe config file server.xml contains

<Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
       encryptionAlgorithm="AES/CBC/PKCS5Padding"
       encryptionKey="ANY_KEY(LENGTH:32)"/>

Every other config variation is unsafe.

Application

1. git clone https://github.com/iveresk/CVE-2022-29885.git
2. cd CVE-2022-29885
3. go build -o /cve-2022-29885
4. ./cve-2022-29885 -t <target_url or file_name> [OPTIONAL] -s false -d false

- t - target URL or filename
- d - debug {true, false} flag which enables or disables logs
- s - safe and unsafe regime switcher. Default value is unsafe.

Docker with pre-defined 6340 ruzzian Apache Tomcat servers multiplies for the 10 most common Tomcat ports.
Default Unsafe mode is pre-setuped.

docker run -d masterroot/cve-2022-29885

Have fun with ruzzland-terrorist-state VoIP devices :D

You are free to contact me via Keybase for any details.