VDB

GCVE-110-OSM-2020-4

GCVE-110-OSM-2020-4
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published December 27, 2020
Brandjacking attack impersonating legitimate servlet API components from Apache, Eclipse Jetty, and Tomcat. Contains reverse TCP shell backdoor targeting Java web applications. Malicious code in doGet() method of HttpServlet.class. Uses base64 encoding to obfuscate C2 server IP and port. Opens reverse TCP shell to 45.87.122.54:8888 on every HTTP GET request serviced by the web application. Gives attackers interactive shell access with same privileges as the backdoored application. SHA1: c018607d8597ba2b9e64561518b9dfbb65ff9f2b

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownservlet-api3.2.0 (affected)

References

vendor

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›