44 matches found
Moderate: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...
Important: tomcat9
Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...
Important: tomcat10
Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...
Important: tomcat9
Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...
Important: tomcat
Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...
CLSA-2025-1742737069 Fix CVE(s): CVE-2025-24813
SECURITY UPDATE: path Equivalence Vulnerability - debian/patches/CVE-2025-24813.patch: enhance lifecycle of temporary files used by partial PUT to delete temporary file right after finishing request processing - CVE-2025-24813...
CLSA-2025-1742577759 Fix CVE(s): CVE-2025-24813
SECURITY UPDATE: path Equivalence leading to Remote Code Execution and/or Information disclosure in Apache Tomcat - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813...
Apache Tomcat CVE-2025-24813: What You Need to Know
Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
利用条件 + DefaultServlet 写入功能启用:需在 web.xml 中配置 readonly=false...
VulnCheck KEV: CVE-2025-24813
Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...
SUSE CVE-2025-24813
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...
GHSA-83QJ-6FR2-VHQG Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...
UBUNTU-CVE-2025-24813
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...
CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...
CVE-2025-24813 Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...