Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31650 PoC — Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

Source
https://github.com/sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool
Associated Vulnerability
Title:Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
Description:Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Readme
# Tomcat Vulnerability Scanner

A tool to detect CVE-2025-31650 in Apache Tomcat servers using Shodan integration.

## Features
- HTTP/2 priority vulnerability detection
- Shodan target discovery
- CSV/JSON reporting

## Installation
```bash
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
File Snapshot

 [4.0K]  /data/pocs/5cbd6413fa2af81a9b9fa8a3b572be85455364e5
├── [ 734]  How to Use
├── [ 319]  README.md
└── [8.3K]  tomcat_scanner.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →