tomcat-users mailing list archives

From Ragini <>
Subject Downloading binary version of vulnerable tomcat 6.0.0 - 6.0.20 to exploit the vulnerability CVE-2009-2693
Date Tue, 25 Sep 2012 11:15:54 GMT

I want to try to exploit tomcat vulnerability CVE-2009-2693. From site 
it says that the affected versions are from 6.0.0 to 6.0.20. I could not 
find any of these on the official Apache Tomcat website. I want to do some 
tests on those vulnerable versions.

*Could you please guide me from where I can download the tomcat version 
which is vulnerable to CVE-2009-2693 (Arbitrary file deletion and/or 
alteration on deploy)? Please note that I use Ubuntu 12.0.4.*

Basically this is how I plan to exploit that vulnerability:

1) I insert code to create a directory in the user's home directory in one 
of the Java classes of my web application.
2) I deploy the war file to tomcat's web-apps dir.
3) I start tomcat with the security manager and it should then create a 
directory in the user's home directory.

I would really appreciate your help regarding this.

