Lucene search
K

44 matches found

RedHat Linux
RedHat Linux
added 2025/04/07 5:37 p.m.35 views

Moderate: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

10CVSS7.4AI score0.99945EPSS
Exploits58References3
RedHat Linux
RedHat Linux
added 2025/04/07 5:3 p.m.7 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

10CVSS7.8AI score0.99945EPSS
Exploits46References6
RedHat Linux
RedHat Linux
added 2025/04/07 5:1 p.m.5 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

10CVSS7.8AI score0.99945EPSS
Exploits46References6
RedHat Linux
RedHat Linux
added 2025/04/02 5:30 p.m.6 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

10CVSS7.8AI score0.99945EPSS
Exploits46References6
Amazon
Amazon
added 2025/04/01 12:0 a.m.9 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

9.8CVSS10AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.8 views

Important: tomcat10

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS8.3AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.7 views

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

10CVSS8.3AI score0.99945EPSS
Exploits46
Amazon
Amazon
added 2025/04/01 12:0 a.m.12 views

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

10CVSS7.6AI score0.99945EPSS
Exploits47
OSV
OSV
added 2025/03/23 1:37 p.m.6 views

CLSA-2025-1742737069 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence Vulnerability - debian/patches/CVE-2025-24813.patch: enhance lifecycle of temporary files used by partial PUT to delete temporary file right after finishing request processing - CVE-2025-24813...

10CVSS7.2AI score0.99945EPSS
Exploits46References1
OSV
OSV
added 2025/03/21 5:22 p.m.8 views

CLSA-2025-1742577759 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence leading to Remote Code Execution and/or Information disclosure in Apache Tomcat - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813...

10CVSS7.4AI score0.99945EPSS
Exploits46References1
Rapid7 Blog
Rapid7 Blog
added 2025/03/19 5:40 p.m.13 views

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

10CVSS9.6AI score0.99945EPSS
Exploits46
SUSE Linux
SUSE Linux
added 2025/03/19 1:50 p.m.7 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

9.2CVSS6.9AI score0.99945EPSS
Exploits46References4
GithubExploit
GithubExploit
added 2025/03/16 11:59 a.m.376 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

利用条件 + DefaultServlet 写入功能启用:需在 web.xml 中配置 readonly=false...

9.8CVSS9.3AI score0.99945EPSS
Exploits46
VulnCheck KEV
VulnCheck KEV
added 2025/03/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-24813

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...

10CVSS7.4AI score0.99945EPSS
Exploits46References1
SUSE CVE
SUSE CVE
added 2025/03/12 5:6 a.m.8 views

SUSE CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

8.1CVSS9.4AI score0.99945EPSS
Exploits46References11
Github Security Blog
Github Security Blog
added 2025/03/10 6:31 p.m.144 views

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS9.2AI score0.99945EPSS
Exploits46References15Affected Software2
OSV
OSV
added 2025/03/10 6:31 p.m.3 views

GHSA-83QJ-6FR2-VHQG Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

9.8CVSS7.3AI score0.99945EPSS
Exploits46References15
OSV
OSV
added 2025/03/10 5:15 p.m.3 views

UBUNTU-CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10CVSS7.1AI score0.99945EPSS
Exploits46References7
Cvelist
Cvelist
added 2025/03/10 4:44 p.m.199 views

CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

0.99945EPSS
Exploits46References1
Vulnrichment
Vulnrichment
added 2025/03/10 4:44 p.m.18 views

CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

9.3AI score0.99945EPSS
Exploits46References1
Rows per page
Query Builder