Authored by Mike Pickard | Site

Python exploit for CVE-2022-22965 that provides a prompt to the user in the style of an ssh session. The script is designed to be easy to understand and execute, with both readability and accessibility – depending on the user’s choice. Designed for exploiting the vulnerability on tomcat servers. The fileDateFormat field on the server will be set and unset as part of the script which allows the exploit to be run multiple times. Cleanup may be required. It leverages a vulnerability found in the java spring framework before version 5.2, as well as in versions 5.3.0-17 an d 5.2.0-19 and running on a version of the Java Development Kit greater than or equal to 9.

advisories | CVE-2022-22965