Apache Tomcat Remote Code Execution / Information Disclosure

🗓️ 18 Mar 2025 00:00:00Type

packetstorm🔗 packetstorm.news👁 278 Views

Important Apache Tomcat vulnerability allows remote code execution and information disclosure risks.

Reporter	Title	Published	Views	Family All 324
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	3 Jul 202500:31	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	14 Mar 202507:36	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	14 Mar 202503:11	–	githubexploit
GithubExploit	Exploit for CVE-2025-55752	29 Oct 202508:27	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	11 May 202519:50	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	22 Mar 202515:16	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	12 Jul 202502:40	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	27 Apr 202513:50	–	githubexploit
GithubExploit	Exploit for CVE-2025-2783	26 May 202512:51	–	githubexploit
GithubExploit	Exploit for Deserialization of Untrusted Data in Apache Tomcat	10 Dec 202509:53	–	githubexploit

CVE-2025-24813 Potential RCE and/or information disclosure and/or 
    information corruption with partial PUT
    
    Severity: Important
    
    Vendor: The Apache Software Foundation
    
    Versions Affected:
    Apache Tomcat 11.0.0-M1 to 11.0.2
    Apache Tomcat 10.1.0-M1 to 10.1.34
    Apache Tomcat 9.0.0.M1 to 9.0.98
    
    Description:
    The original implementation of partial PUT used a temporary file based 
    on the user provided file name and path with the path separator replaced 
    by ".".
    
    If all of the following were true, a malicious user was able to view 
    security sensitive files and/or inject content into those files:
    - writes enabled for the default servlet (disabled by default)
    - support for partial PUT (enabled by default)
    - a target URL for security sensitive uploads that was a sub-directory
       of a target URL for public uploads
    - attacker knowledge of the names of security sensitive files being
       uploaded
    - the security sensitive files also being uploaded via partial PUT
    
    If all of the following were true, a malicious user was able to perform 
    remote code execution:
    - writes enabled for the default servlet (disabled by default)
    - support for partial PUT (enabled by default)
    - application was using Tomcat's file based session persistence with
       the default storage location
    - application included a library that may be leveraged in a
       deserialization attack
    
    Mitigation:
    Users of the affected versions should apply one of the following
    mitigations:
    - Upgrade to Apache Tomcat 11.0.3 or later
    - Upgrade to Apache Tomcat 10.1.35 or later
    - Upgrade to Apache Tomcat 9.0.99 or later
    
    Credit:
    Information disclosure/corruption: COSCO Shipping Lines DIC
    Remote code execution: sw0rd1ight (https://github.com/sw0rd1ight)
    
    History:
    2025-03-10 Original advisory
    
    References:
    [1] https://tomcat.apache.org/security-11.html
    [2] https://tomcat.apache.org/security-10.html
    [3] https://tomcat.apache.org/security-9.html

18 Mar 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8

EPSS0.9413

SSVC