Another attack that can be victimized by Tomcat is the exploit called Apache Tomcat Manager Application Deployer Authenticated Code Execution. This exploit is associated with a vulnerability present in Tomcat, identified as CVE-2009-3843 and with a high degree of severity (10). This vulnerability allows the execution of a payload on the server, which was previously loaded into it as a .war file. For the execution of said exploit, it is necessary to have obtained a user and their password, by means of the auxiliary module or an alternative route. This exploit is located in the multi/http/tomcat_mgr_deploy path.
At the msf> command line, enter: use exploit/multi/http/tomcat_mgr_deploy
Once the exploit has ...