-
Apache Tomcat Manager Application Deployer Authenticated Code Execution
Disclosure Date: 2009-11-09First seen: 2020-04-26exploit/multi/http/tomcat_mgr_deployThis module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. Authors: - jduck <jduck@metasploit.com> -
Apache Tomcat Manager Authenticated Upload Code Execution
Disclosure Date: 2009-11-09First seen: 2020-04-26exploit/multi/http/tomcat_mgr_uploadThis module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. Authors: - rangercha -
Tomcat UTF-8 Directory Traversal Vulnerability
Disclosure Date: 2009-01-09First seen: 2020-04-26auxiliary/admin/http/tomcat_utf8_traversalThis module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the vulnerability actually occurs within Java and not Tomcat; the server must use Java versions prior to Sun 1.4.2_19, 1.5.0_17, 6u11 - or prior IBM Java 5.0 SR9, 1.4.2 SR13, SE 6 SR4 releases. This module has only been tested against RedHat 9 running Tomcat 6.0.16 and Sun JRE 1.5.0-05. You may wish to change FILE (hosts,sensitive files), MAXDIRS and RPORT depending on your environment. Authors: - aushack <patrick@osisecurity.com.au> - guerrino <ruggine> di massa -
TrendMicro Data Loss Prevention 5.5 Directory Traversal
Disclosure Date: 2009-01-09First seen: 2020-04-26auxiliary/admin/http/trendmicro_dlp_traversalThis module tests whether a directory traversal vulnerability is present in Trend Micro DLP (Data Loss Prevention) Appliance v5.5 build <= 1294. The vulnerability appears to be actually caused by the Tomcat UTF-8 bug which is implemented in module tomcat_utf8_traversal CVE 2008-2938. This module simply tests for the same bug with Trend Micro specific settings. Note that in the Trend Micro appliance, /etc/shadow is not used and therefore password hashes are stored and anonymously accessible in the passwd file. Authors: - aushack <patrick@osisecurity.com.au> -
Apache Tomcat User Enumeration
First seen: 2020-04-26auxiliary/scanner/http/tomcat_enumThis module enumerates Apache Tomcat's usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The 'admin' package is no longer provided for Tomcat 6 and later versions. Authors: - Heyder Andrade <heyder.andrade@gmail.com> - Leandro Oliveira <leandrofernando@gmail.com> -
Tomcat Application Manager Login Utility
First seen: 2020-04-26auxiliary/scanner/http/tomcat_mgr_loginThis module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com>
6 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details