Lucene search
K

171 matches found

Amazon
Amazon
added 2025/04/01 12:0 a.m.12 views

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

10CVSS7.6AI score0.99945EPSS
Exploits47
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: tomcat

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS7.9AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS8.3AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: tomcat10

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS8.3AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

9.8CVSS10AI score0.99945EPSS
Exploits46
OSV
OSV
added 2025/03/23 1:34 p.m.9 views

CLSA-2025-1742733084 tomcat: Fix of CVE-2025-24813

CVE-2025-24813: Fix path equivalence vulnerability to prevent remote code execution and information disclosure in Default Servlet...

10CVSS7.5AI score0.99945EPSS
Exploits46References1
SUSE CVE
SUSE CVE
added 2025/03/12 5:6 a.m.8 views

SUSE CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

8.1CVSS9.4AI score0.99945EPSS
Exploits46References11
Hacker One
Hacker One
added 2025/03/11 2:42 p.m.583 views

Internet Bug Bounty: CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

The Apache Tomcat vulnerability CVE-2025-24813 allowed remote code execution and information disclosure. The vulnerability was caused by a combination of features, including writes enabled for the default servlet, support for partial PUT requests, and the use of Tomcat's file-based session...

10CVSS7.5AI score0.99945EPSS
Exploits46
Github Security Blog
Github Security Blog
added 2025/03/10 6:31 p.m.144 views

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS9.2AI score0.99945EPSS
Exploits46References15Affected Software2
OSV
OSV
added 2025/03/10 6:31 p.m.3 views

GHSA-83QJ-6FR2-VHQG Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

9.8CVSS7.3AI score0.99945EPSS
Exploits46References15
OSV
OSV
added 2025/03/10 5:15 p.m.5 views

DEBIAN-CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

9.8CVSS9.1AI score0.99945EPSS
Exploits46References1
NVD
NVD
added 2025/03/10 5:15 p.m.34 views

CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS0.99945EPSS
Exploits46References10
OSV
OSV
added 2025/03/10 5:15 p.m.5 views

UBUNTU-CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS7.1AI score0.99945EPSS
Exploits46References7
Debian CVE
Debian CVE
added 2025/03/10 4:44 p.m.546 views

CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS9.1AI score0.99945EPSS
Exploits46
CVE
CVE
added 2025/03/10 4:44 p.m.1263 views

CVE-2025-24813

Summary of CVE-2025-24813 : A path equivalence issue in Apache Tomcat’s Default Servlet can allow remote code execution and/or information disclosure via uploaded files when writes are enabled and PUT support is misused. Affected are Tomcat 11.0.0-M1–11.0.2, 10.1.0-M1–10.1.34, and 9.0.0.M1–9.0.98...

10CVSS9.3AI score0.99945EPSS
In wildExploits46References10Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/03/10 12:0 a.m.21 views

CVE-2025-24813

Path Equivalence: ‘file.Name’ Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS9.6AI score0.99945EPSS
In wildExploits46References3
Snyk
Snyk
added 2025/03/09 10:0 p.m.9 views

Path Equivalence

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Path Equivalence in the doPut function in DefaultServlet.java, which insecurely replaces path separators with .s. If the Default...

10CVSS9.1AI score0.99945EPSS
Exploits46References2
OSV
OSV
added 2025/02/28 3:34 p.m.8 views

OESA-2025-1226 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.8CVSS6.8AI score0.08856EPSS
Exploits13References2
RedHat Linux
RedHat Linux
added 2025/02/27 11:20 a.m.7 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

9.8CVSS7.5AI score0.43663EPSS
Exploits13References5
Apache Tomcat
Apache Tomcat
added 2025/02/10 12:0 a.m.34 views

Fixed in Apache Tomcat 9.0.99

Important: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet - CVE-2025-24813 The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator...

10CVSS9.2AI score0.99945EPSS
Exploits46Affected Software1
Rows per page
Query Builder