Apache-Tomcat-CVE-2024-56337

[halimB8]

This template is to identify Apache Tomcat versions vulnerable to CVE-2024-56337

id: Apache-Tomcat-CVE-2024-56337

info:
name: Detect Apache Tomcat Server vulnerable to CVE-2024-56337
author: Abdelhalim ABO
severity: high
description: |
Detects Apache Tomcat server versions:
- Apache Tomcat 11.0.0-M1 to 11.0.1
- Apache Tomcat 10.1.0-M1 to 10.1.33
- Apache Tomcat 9.0.0.M1 to 9.0.97
tags: tomcat

requests:

• method: GET
  path:

  • "{{BaseURL}}"

  redirects: true
  matchers-condition: or
  matchers:

  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'
      extractors:
  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

• method: GET
  path:

  • "{{BaseURL}}/rrr.dd" #Visit a non-existent page t try to have an error and display the version of Apache Tomcat
    matchers:
  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

  extractors:

  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

[GeorginaReeder]

Thanks for your contributions @halimB8 !

[princechaddha]

Hi @halimB8, the response time to this issue was longer than usual, and we appreciate your patience and contribution to this project. However, we try to only add templates for CVEs with complete proof of concept to minimize false positives and negatives, though there are rare exceptions. Please feel free to reopen the issue if you have a template that includes a full POC. Thanks