By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Tech News

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

By Viral Trending Content 4 Min Read
Share
SHARE

Mar 17, 2025Ravie LakshmananVulnerability / Web Security

Apache Tomcat Vulnerability

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.

The vulnerability, tracked as CVE-2025-24813, affects the below versions –

  • Apache Tomcat 11.0.0-M1 to 11.0.2
  • Apache Tomcat 10.1.0-M1 to 10.1.34
  • Apache Tomcat 9.0.0-M1 to 9.0.98

It concerns a case of remote code execution or information disclosure when specific conditions are met –

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)
  • A target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads
  • Attacker knowledge of the names of security sensitive files being uploaded
  • The security sensitive files are also being uploaded via partial PUT

Successful exploitation could permit a malicious user to view security sensitive files or inject arbitrary content into those files by means of a PUT request.

Additionally, an attacker could achieve remote code execution if all the following conditions are true –

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)
  • Application was using Tomcat’s file based session persistence with the default storage location
  • Application included a library that may be leveraged in a deserialization attack

In an advisory released last week, the project maintainers said the vulnerability has been resolved in Tomcat versions 9.0.99, 10.1.35, and 11.0.3.

Cybersecurity

But in a concerning twist, the vulnerability is already seeing exploitation attempts in the wild, per Wallarm.

“This attack leverages Tomcat’s default session persistence mechanism along with its support for partial PUT requests,” the company said.

“The exploit works in two steps: The attacker uploads a serialized Java session file via PUT request. The attacker triggers deserialization by referencing the malicious session ID in a GET request.”

Put differently, the attacks entail sending a PUT request containing a Base64-encoded serialized Java payload that’s written to Tomcat’s session storage directory, which subsequently gets executed during deserialization by sending a GET request with the JSESSIONID pointing to the malicious session.

Wallarm also noted that the vulnerability is trivial to exploit and requires no authentication. The only prerequisite is that Tomcat uses file-based session storage.

“While this exploit abuses session storage, the bigger issue is partial PUT handling in Tomcat, which allows uploading practically any file anywhere,” it added. “Attackers will soon start shifting their tactics, uploading malicious JSP files, modifying configurations, and planting backdoors outside session storage.”

Users running affected versions of Tomcat are advised to update their instances as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

You Might Also Like

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Girls in Single-Sex Schools Face Major STEM Access Gap

The ‘Surge’ of Troops May Not Come to San Francisco, but the City Is Ready Anyway

Dublin aquatech PT Aqua named BIM Business of the Year 2025

The Truth About the Meta Display Glasses

TAGGED: Apache Tomcat, Cyber Security, Cybersecurity, Internet, java, Patch Management, Remote Code Execution, Threat Intelligence, Vulnerability, web security
Share This Article
Facebook Twitter Copy Link
Previous Article Here’s the Tesco share price forecast for the next 12 months!
Next Article DeeptechFest Ireland Returns to Republic of Work
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026
Gaming News
Paytm and Vedanta emerge as top buys amid sectoral rotation and profit booking: CA Rudramurthy BV
Business
Bitcoin’s institutional surge widens trillion-dollar gap with altcoins
Crypto
Best Presales Live News Today: Latest Updates on Early Crypto Projects with 10x Potential (October 24)
Crypto
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Tech News
Girls in Single-Sex Schools Face Major STEM Access Gap
Tech News
European lawmakers call for end to EU support for all Libyan security forces
World News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026
October 24, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?