MiracleLinux 7 : tomcat-7.0.76-16.0.3.el7.AXS7 (AXSA:2025-10787:07)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10787:07 advisory. CVE-2025-24813: fix path equivalence vulnerability leading to remote code execution and information disclosure CVEs: CVE-2025-24813 Path Equivalence:...
Apache Tomcat 11.0.3 Remote Session Injection
A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...
RockyLinux 10 : tomcat9 (RLSA-2025:7494)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7494 advisory. tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 Tenable has extracted the preceding description...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
It is an offensive tool for Apache exploitation. The repository...
CLSA-2025-1755272015 tomcat: Fix of CVE-2025-24813
CVE-2025-24813: fix path equivalence vulnerability leading to remote code execution and information disclosure...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Exploit Toolkit This is an advanced and automa...
Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
🚨 CVE-2025-24813 – Apache Tomcat PUT JSP RCE Exploit !CVEh...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat RCE PoC Description This is...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...
TencentOS Server 3: tomcat (TSSA-2025:0304)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0304 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Ubuntu: Security Advisory (USN-7525-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-7525-2: Tomcat vulnerability
USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library libtomcat9-java and not the full tomcat server stack...
Ubuntu: Security Advisory (USN-7525-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Photon OS 4.0: Apache PHSA-2025-4.0-0777
An update of the apache package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0777. The text itself is copyright (C) VMware, Inc...
ALSA-2025:7494 Moderate: tomcat9 security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 - Apache Tomcat Remote Code Execution Exploit...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]
Summary IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot CVE-2025-24813. Apache Tomcat is used in our Speech microservices. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat [CVE-2025-24813]
Summary IBM Watson Speech Services Cartridge is vulnerable to Remote Code Execution and/or Information disclosure and/or malicious content in Apache Tomcat, due to a Path Equivalence issue with 'file.Name' Internal Dot CVE-2025-24813. Apache Tomcat is used in our Speech microservices. This...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Proof of Concept PoC script for CVE-2025-2481...