Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-13935 PoC — Apache Tomcat 安全漏洞

Source
https://github.com/RedTeamPentesting/CVE-2020-13935
Associated Vulnerability
Title:Apache Tomcat 安全漏洞 (CVE-2020-13935)
Description:The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
Description
Exploit for WebSocket Vulnerability in Apache Tomcat
Readme
# Exploit for WebSocket Vulnerability in Apache Tomcat (CVE-2020-13935)

In the corresponding [blog post](https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/)
the analysis and exploitation of the vulnerability is explained in detail.

## Usage

Clone the repository, then build the `tcdos` binary. Run the program as follows to test
whether a particular WebSocket endpoint is vulnerable:

```
$ git clone https://github.com/RedTeamPentesting/CVE-2020-13935
$ cd CVE-2020-13935
$ go build
$ ./tcdos [WebSocket endpoint]
```
File Snapshot

 [4.0K]  /data/pocs/86258549d41ac3a30353da33fed4e62b409f3b70
├── [  67]  go.mod
├── [ 175]  go.sum
├── [1.0K]  LICENSE
├── [3.5K]  main.go
└── [ 543]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →