Video PoC Exploit for Apache Tomcat packaging on Debian-based distros

* CVE-2016-1240 - Apache Tomcat pkg. (Debian-based distros) - Root Privilege Escalation

Discovered by Dawid Golunski


The video below demonstrates how an attacker could use the CVE-2016-1240 vulnerability in the Apache Tomcat packaging on Debian-based systems to escalate their privileges to the root user after gaining access to the system as the tomcat user.
In the presented scenario, the attacker gains local access to a tomcat shell by exploiting a pre-existing webapp vulnerability (File Upload) to upload a reverse shell, and then proceeds to privilege escalation.

Thanks for watching
