2 November 2020
Diving into a WebSocket Vulnerability in Apache Tomcat

Apache Tomcat is a Java application server commonly used with web applications, which we often encounter in penetration tests.
In this post we will dive into the analysis of a vulnerability in the Apache Tomcat server and an exploit that helped our customer assess the risk to their business. The vulnerability is a denial-of-service issue that appears in conjunction with WebSockets and has been assigned CVE-2020-13935.