Apache Tomcat vulnerability was actively exploited just 30 hours after public disclosure
March 17, 2025Ravi LakshmananVulnerability / Web Security

A recently disclosed security flaw affecting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) just 30 hours after public disclosure.

The vulnerability, tracked as CVE-2025-24813, affects the following versions:

  • Apache Tomcat 11.0.0-M1 to 11.0.2
  • Apache Tomcat 10.1.0-M1 to 10.1.34
  • Apache Tomcat 9.0.0-M1 to 9.0.98

It concerns a case of remote code execution or information disclosure when specific conditions are met:

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)

Successful exploitation allows a malicious user to view security-sensitive files or inject arbitrary content into those files using PUT requests.

Additionally, an attacker can achieve remote code execution if all of the following conditions are true:

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)
  • The application was using Tomcat's file-based session persistence with the default storage location

In an advisory released last week, the project maintainers said the vulnerability was resolved in Tomcat versions 9.0.99, 10.1.35 and 11.0.3.


Worryingly, the vulnerability is already seeing exploitation attempts in the wild, according to Wallarm.

“This attack leverages Tomcat’s default session persistence mechanism, along with support for partial PUT requests,” the company said.

“The exploit works in two steps. The attacker uploads a serialized Java session file via a PUT request. The attacker triggers deserialization by referencing the malicious session ID in a GET request.”

Put another way, the attack involves sending a PUT request containing a Base64-encoded serialized Java payload that gets written to Tomcat’s session storage directory. Deserialization is then triggered by sending a GET request that points to the malicious session.

Wallarm also noted that the vulnerability is easy to exploit and does not require authentication. The only prerequisite is that Tomcat uses file-based session storage.

“This exploit abuses session storage, but the bigger problem is partial PUT handling in Tomcat. Attackers will soon begin shifting their tactics, uploading malicious JSP files, changing configurations, and planting backdoors outside of session storage.”

Users running an affected version of Tomcat are recommended to update their instances as soon as possible to mitigate potential threats.
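A defender-side audit of the preconditions described above, added here as an example and not code from the article, Wallarm or the Tomcat project. It assumes the DefaultServlet init-params `readonly` and `allowPartialPut` in conf/web.xml and a `FileStore` under `PersistentManager` in context.xml; the version ranges come from the article, and the XML samples are constructed.

```python
# Added example (not the article's or Tomcat's code): audit a deployment for the
# CVE-2025-24813 preconditions. Assumes DefaultServlet init-params `readonly` and
# `allowPartialPut` (conf/web.xml) and a FileStore in context.xml; samples are constructed.
import re
import xml.etree.ElementTree as ET

FIXED = {9: (0, 99), 10: (1, 35), 11: (0, 3)}  # first fixed release per branch (advisory)

def version_is_affected(version: str) -> bool:
    """True for 9.0.0-M1..9.0.98, 10.1.0-M1..10.1.34, 11.0.0-M1..11.0.2."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M\d+)?", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get(major)
    return fixed is not None and minor == fixed[0] and patch < fixed[1]

def default_servlet_params(web_xml: str) -> dict:
    """init-params of the servlet named 'default' (Tomcat's DefaultServlet), any namespace."""
    for servlet in ET.fromstring(web_xml).iterfind(".//{*}servlet"):
        if (servlet.findtext("{*}servlet-name") or "").strip() == "default":
            return {(ip.findtext("{*}param-name") or "").strip(): (ip.findtext("{*}param-value") or "").strip()
                    for ip in servlet.iterfind("{*}init-param")}
    return {}

def uses_file_store(context_xml: str) -> bool:
    """True when sessions persist to disk via org.apache.catalina.session.FileStore."""
    return any(s.get("className", "").endswith(".FileStore")
               for s in ET.fromstring(context_xml).iter("Store"))

def audit(version: str, web_xml: str, context_xml: str) -> dict:
    """Report which of the listed preconditions hold for this deployment."""
    p = default_servlet_params(web_xml)
    writable = p.get("readonly", "true").lower() == "false"        # Tomcat default: read-only
    partial = p.get("allowPartialPut", "true").lower() != "false"  # Tomcat default: enabled
    file_sessions = uses_file_store(context_xml)                   # default: in-memory sessions
    affected = version_is_affected(version)
    return {"affected_version": affected, "default_servlet_writable": writable,
            "partial_put_enabled": partial, "file_session_store": file_sessions,
            "file_disclosure_risk": affected and writable and partial,
            "rce_preconditions_met": affected and writable and partial and file_sessions}

# Constructed samples: a writable default servlet plus file-backed session persistence.
WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
CONTEXT_XML = """<Context><Manager className="org.apache.catalina.session.PersistentManager">
  <Store className="org.apache.catalina.session.FileStore"/></Manager></Context>"""
```

Run `audit("10.1.34", WEB_XML, CONTEXT_XML)` against a real instance's files to see which flags would need to change (upgrade, restore `readonly`, or move sessions off `FileStore`) to close the window.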
