[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":52,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":59,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":65,"vulnerability-19988":72},[4,17,27,34,41,47],{"title":5,"slug":5,"text":6,"link":7,"external":8,"targets":9,"cta":15,"variant":16,"campaign_id":5},"wp2shell","Validate wp2shell: one-click detection & exploitation confirms exposed or patched WP targets.","https://pentest-tools.com/pricing",false,[10,11,12,13,14],"/","/network-vulnerability-scanning/network-security-scanner-online","/cms-vulnerability-scanning/wordpress-scanner-online-wpscan","/website-vulnerability-scanning/website-scanner","/product","Confirm the risk","secondary",{"title":18,"slug":19,"text":20,"link":21,"external":22,"targets":23,"cta":25,"variant":26,"campaign_id":5},"wp2shell (pricing)","wp2shell-p","Validate *wp2shell* exposure & mitigation! Detect with any plan. Exploit with Pentest Suite.","https://pentest-tools.com/vulnerabilities-exploits/wordpress-core-69-701-pre-auth-blind-sql-injection-batch-route-confusion_29451",true,[24],"/pricing","See CVE details","primary",{"title":28,"slug":29,"text":30,"link":7,"external":8,"targets":31,"cta":33,"variant":16,"campaign_id":5},"wp2shell (Sniper)","wp2shell-sniper","Validate wp2shell: one-click detection & exploitation confirms exposed or patched WP targets",[32],"exploit-helpers/sniper","Get it with Pentest Suite",{"title":35,"slug":36,"text":37,"link":7,"external":8,"targets":38,"cta":40,"variant":16,"campaign_id":5},"wp2shell (CVE page - detection)","wp2shell-cve-page","Validate wp2shell exposure & mitigation! Detect with any plan. Exploit with Pentest Suite.",[39],"/vulnerabilities-exploits/wordpress-core-69-701-pre-auth-blind-sql-injection-batch-route-confusion_29451","Explore plans",{"title":42,"slug":43,"text":44,"link":21,"external":8,"targets":45,"cta":25,"variant":16,"campaign_id":5},"wp2shell (Vuln DB homepage)","wp2shell-vuln-db","Emergency CVE response: detection & exploitation now available for *wp2shell*, the critical WP RCE chain",[46],"/vulnerabilities-exploits/",{"title":48,"slug":49,"text":37,"link":7,"external":8,"targets":50,"cta":40,"variant":16,"campaign_id":5},"wp2shell (CVE page - exploitation)","wp2shell-cve-page-exploit",[51],"/vulnerabilities-exploits/wp2shell-wordpress-core-690-694-and-700-701-pre-auth-batch-route-confusion-leading-to-sql-injection_29452",["Island",53],{"key":54,"params":55,"result":57},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":56},"{}",{"head":58},{},["Island",60],{"key":61,"params":62,"result":63},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":56},{"head":64},{},["Island",66],{"key":67,"params":68,"result":70},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":69},"{\"text-color\":\"gray\"}",{"head":71},{},{"id":73,"detectable_with":74,"vuln_details":81,"vuln_id":109,"name":110,"published":111,"updated":82},19988,{"tool":75,"engine":78},{"id":76,"name":77},1,"Network Scanner",{"id":79,"name":80},3,"OpenVAS",{"id":73,"codename":82,"description":82,"severity":83,"risk_description":84,"public_description":85,"public_recommendation":86,"recommendation":82,"references":87,"cvssv3":101,"epss_score":102,"epss_percentile":103,"cve":104,"in_cisa_catalog":22,"date":108,"software_type":82,"vendor":82,"product":82,"ptt_exploit_capabilities":82},null,"medium","The following flaws exist: - CVE-2023-42795: When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. - CVE-2023-44487: HTTP/2 rapid reset attack - CVE-2023-45648: A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.","Apache Tomcat is prone to multiple vulnerabilities.","Update to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or later.",[88,89,90,91,92,93,94,95,96,97,98,99,100],"https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw","https://lists.apache.org/thread/3m81kt8c2gtg4nkjfwt2hvt5l9ycx6vl","https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp","https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12","https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14","https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81","https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94","https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack","https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/","https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/","https://www.openwall.com/lists/oss-security/2023/10/10/6","https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487","https://www.cisa.gov/known-exploited-vulnerabilities-catalog",5.3,0.99999,0.99997,[105,106,107],"CVE-2023-42795","CVE-2023-44487","CVE-2023-45648","2023-10-10T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.170598","Apache Tomcat Multiple Vulnerabilities (Oct 2023) - Windows","2023-10-11T00:00:00Z"]