Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31650 PoC β€” Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

Source
https://github.com/B1gN0Se/Tomcat-CVE-2025-31650
Associated Vulnerability
Title:Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
Description:Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Readme
# CVE-2025-31650

🚨 Proof of Concept (PoC) for Apache Tomcat HTTP/2 DoS vulnerability (CVE-2025-31650)

This script triggers a memory exhaustion condition in Apache Tomcat by sending malformed `priority` headers over HTTP/2.

---

## 🎯 Affected Versions

- Apache Tomcat 9.0.76 – 9.0.102
- Apache Tomcat 10.1.10 – 10.1.39
- Apache Tomcat 11.0.0-M2 – 11.0.5

---

## βš™οΈ Features

- βœ”οΈ HTTP/2 support verification
- βœ”οΈ `Server` header inspection (detect Tomcat)
- βœ”οΈ `--check-only` mode (non-intrusive)
- βœ”οΈ Async-based scalable exploit with adjustable intensity

---

## πŸš€ Usage

### βœ… Check-only (safe detection)
```bash
python3 PoC.py --target https://example.com:8443 --check-only
```

### πŸ’₯ Exploit (DoS)
```bash
python3 PoC.py --target https://example.com:8443 --exploit --tasks 50 --requests 5000
```

---

## 🧩 Arguments

| Parameter         | Description                                           |
|-------------------|-------------------------------------------------------|
| `--target`        | Full target URL with protocol and port               |
| `--check-only`    | Only test if the server supports HTTP/2 & Tomcat     |
| `--exploit`       | Run the actual DoS attack                            |
| `--tasks`         | Number of async tasks (default: 50)                  |
| `--requests`      | Requests per task (default: 5000)                    |

---

## ⚠️ Disclaimer

This PoC is for educational and authorized security testing **only**.  
Do **not** use it against systems without explicit permission.

---
File Snapshot

 [4.0K]  /data/pocs/605c87004a1fbd7390fc618b3e95688082a70839
β”œβ”€β”€ [6.8K]  PoC.py
└── [1.5K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’