Hi,
I want to try to exploit the Tomcat vulnerability CVE-2009-2693. The site
says that the affected versions are from 6.0.0 to 6.0.20. I could not
find any of these on the official Apache Tomcat website. I want to do some
tests on those vulnerable versions.
Could you please guide me to where I can download a Tomcat version
that is vulnerable to CVE-2009-2693 (arbitrary file deletion and/or
alteration on deploy)? Please note that I use Ubuntu 12.0.4.
Basically this is how I plan to exploit that vulnerability:
1) I insert code to create a directory in the user's home directory in one
of the Java classes of my web application.
2) I deploy the war file to Tomcat's web-apps dir.
3) I start Tomcat with the security manager, and it should then create a
directory in the user's home directory.
I would really appreciate your help regarding this.
Thanks.