CNVD-2026-13409
PUBLISHED
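Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States, used to implement support for Servlet and JavaServer Page (JSP). Apache Tomcat contains a client certificate validation flaw. The vulnerability arises because revoked certificates/test certificates are allowed access; if client-certificate-based authentication is also enabled, an attacker can exploit the vulnerability to bypass the application's authorization mechanism and achieve elevation of privilege (EoP).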
Exploit Intelligence
- This repository contains a proof-of-concept (PoC) environment designed to test for CVE-2026-29145. (github-poc)
- This repository contains a proof-of-concept (PoC) environment designed to test for CVE-2026-29145. (github-poc-repo)
- gregk4sec/cve-2026-29145 (github-poc-repo)
- gregk4sec/cve-2026-29145 (github-poc)
- suppressions.xml (github-poc)
- setup_certs.ps1 (github-poc)
- cleanup.ps1 (github-poc)
- poc_exploit.py (github-poc)
Timeline
- Apr 9, 2026 CVE Published