By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Tech News

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

By Viral Trending Content 4 Min Read
Share
SHARE

Mar 17, 2025Ravie LakshmananVulnerability / Web Security

Apache Tomcat Vulnerability

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.

The vulnerability, tracked as CVE-2025-24813, affects the below versions –

  • Apache Tomcat 11.0.0-M1 to 11.0.2
  • Apache Tomcat 10.1.0-M1 to 10.1.34
  • Apache Tomcat 9.0.0-M1 to 9.0.98

It concerns a case of remote code execution or information disclosure when specific conditions are met –

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)
  • A target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads
  • Attacker knowledge of the names of security sensitive files being uploaded
  • The security sensitive files are also being uploaded via partial PUT

Successful exploitation could permit a malicious user to view security sensitive files or inject arbitrary content into those files by means of a PUT request.

Additionally, an attacker could achieve remote code execution if all the following conditions are true –

  • Writes enabled for the default servlet (disabled by default)
  • Support for partial PUT (enabled by default)
  • Application was using Tomcat’s file based session persistence with the default storage location
  • Application included a library that may be leveraged in a deserialization attack

In an advisory released last week, the project maintainers said the vulnerability has been resolved in Tomcat versions 9.0.99, 10.1.35, and 11.0.3.

Cybersecurity

But in a concerning twist, the vulnerability is already seeing exploitation attempts in the wild, per Wallarm.

“This attack leverages Tomcat’s default session persistence mechanism along with its support for partial PUT requests,” the company said.

“The exploit works in two steps: The attacker uploads a serialized Java session file via PUT request. The attacker triggers deserialization by referencing the malicious session ID in a GET request.”

Put differently, the attacks entail sending a PUT request containing a Base64-encoded serialized Java payload that’s written to Tomcat’s session storage directory, which subsequently gets executed during deserialization by sending a GET request with the JSESSIONID pointing to the malicious session.

Wallarm also noted that the vulnerability is trivial to exploit and requires no authentication. The only prerequisite is that Tomcat uses file-based session storage.

“While this exploit abuses session storage, the bigger issue is partial PUT handling in Tomcat, which allows uploading practically any file anywhere,” it added. “Attackers will soon start shifting their tactics, uploading malicious JSP files, modifying configurations, and planting backdoors outside session storage.”

Users running affected versions of Tomcat are advised to update their instances as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

You Might Also Like

Samsung Galaxy Tab S11 Review: It’s Time For Something New

How the World’s Largest 3D Object Library By Microsoft & NVIDIA

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Is Social Media the Best Tool for Business Growth?

Five SETU scientists listed among world’s top 2pc on Stanford list

TAGGED: Apache Tomcat, Cyber Security, Cybersecurity, Internet, java, Patch Management, Remote Code Execution, Threat Intelligence, Vulnerability, web security
Share This Article
Facebook Twitter Copy Link
Previous Article Here’s the Tesco share price forecast for the next 12 months!
Next Article DeeptechFest Ireland Returns to Republic of Work
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Samsung Galaxy Tab S11 Review: It’s Time For Something New
Tech News
Parents sue Tesla after their 19-year-old daughter died in her Cybertruck, alleging faulty door design made it impossible to escape the burning car
Business
Ripple Maps XRP Ledger’s Future: ‘No Privacy, No Adoption’
Crypto
Mono Protocol’s launch highlights: $1.7M raised and a vision for one account, one balance, one click
Crypto
Netflix Hiring A Director Of Generative AI For Gaming With A Starting Salary Of Up To $840K
Gaming News
All aboard: High-speed train links for travel to major European cities gets under way
Travel
Megabonk Sells 1 Million Units in Two Weeks
Gaming News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Samsung Galaxy Tab S11 Review: It’s Time For Something New

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Samsung Galaxy Tab S11 Review: It’s Time For Something New
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?