Apache-Tomcat-CVE-2024-56337

[halimB8]

This template is to identify Apache Tomcat versions vulnerable to CVE-2024-56337

id: Apache-Tomcat-CVE-2024-56337

info:
name: Detect Apache Tomcat Server vulnerable to CVE-2024-56337
author: Abdelhalim ABO
severity: high
description: |
Detects Apache Tomcat server versions:
- Apache Tomcat 11.0.0-M1 to 11.0.1
- Apache Tomcat 10.1.0-M1 to 10.1.33
- Apache Tomcat 9.0.0.M1 to 9.0.97
tags: tomcat

requests:

• method: GET
  path:

  • "{{BaseURL}}"

  redirects: true
  matchers-condition: or
  matchers:

  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'
      extractors:
  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

• method: GET
  path:

  • "{{BaseURL}}/rrr.dd" #Visit a non-existent page t try to have an error and display the version of Apache Tomcat
    matchers:
  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

  extractors:

  • type: regex
    part: body
    regex:
    • 'Apache Tomcat/(11.0.0-M1|11.0.1)'
    • 'Apache Tomcat/10.1.(0-M[1-9]|[1-2][0-9]|3[0-3])'
    • 'Apache Tomcat/9.0.(0-M[1-9]|[1-9][0-9]|97)'

[GeorginaReeder]

Thanks for your contributions @halimB8 !