Apache Tomcat is a cornerstone of enterprise Java infrastructure, making any security flaw in it highly critical. When a remote code execution (RCE) vulnerability emerges in Tomcat, systems administrators and security teams face an immediate race against time to identify vulnerable instances. The specific problem this proof-of-concept (PoC) addresses is the lack of immediate, actionable verification tools when a new Apache Tomcat CVE is disclosed.

Without a working demonstration, security teams must rely on passive version checking, which often produces false positives or fails to account for custom configurations that might mitigate or exacerbate the risk. This project provides