openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
openkylin-exploit-db/cve/apache-tomcat/2022/CVE-2022-29885
History
fcc 3b3e5cb4db add CVE-2022-29885 2023-03-12 14:49:39 +08:00
..
CVE-2022-29885.go add CVE-2022-29885 2023-03-12 14:49:39 +08:00
README.md add CVE-2022-29885 2023-03-12 14:49:39 +08:00

README.md

Tomcat-DOS

Apache Tomcat DOS

Introduce

Apache Tomcat DoS (CVE-2022-29885) Exploit

Denial of Service in EncryptInterceptor (Tomcat Cluster)

The target machine needs to start the Cluster Nio Receiver,Sending a special TCP packet will cause a Denial of Service to the target. Whether EncryptInterceptor is used or not, there is the possibility of denial of service vulnerability

eg

./dos -h target_ip -p target_nio_port -s

Reference

https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv