I. Basic information on vulnerability CVE-2025-24813
Vulnerability information
Apache Tomcat: potential RCE, information disclosure and information corruption with partial PUT
Vulnerability title
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Source: US National Vulnerability Database (NVD)
Vulnerability description
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
Source: US National Vulnerability Database (NVD)
CVSS information
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability category
Path Equivalence: 'file.name' (Internal Dot)
Source: US National Vulnerability Database (NVD)
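The preconditions in the NVD description reduce to two things an operator can check without touching a running server: the Tomcat version against the affected ranges, and the DefaultServlet's `readonly` and `allowPartialPut` init-params in conf/web.xml. The following Python is an added example written for this page; it is not code from Apache Tomcat or from any of the PoC repositories listed below. The version ranges and fixed releases are taken from the NVD text above, `readonly` and `allowPartialPut` are the documented DefaultServlet init-param names (both default to true, which is why writes are off and partial PUT is on out of the box), and the two web.xml fragments are constructed for the example.

```python
"""Triage checks for CVE-2025-24813 (Apache Tomcat, partial PUT).

Added example for this page, not code from Apache Tomcat or from any PoC repo.
  1. is_affected(): compare a Tomcat version string against the affected ranges
     in the NVD description (fixed in 11.0.3, 10.1.35 and 9.0.99).
  2. audit_default_servlet(): parse conf/web.xml and report whether the two
     DefaultServlet init-params the advisory names are in their risky state:
     readonly=false (writes enabled; Tomcat default true) and
     allowPartialPut=true (Tomcat default true).
The web.xml fragments at the bottom are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET

# (major, minor) -> first fixed patch level, taken from the NVD text.
FIXED_PATCH = {(11, 0): 3, (10, 1): 35, (9, 0): 99}

# Accepts GA builds ("10.1.34") and milestones ("11.0.0-M1", "9.0.0.M1").
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, milestone); milestone is None for GA builds."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    return int(major), int(minor), int(patch), (int(milestone) if milestone else None)


def is_affected(version):
    """True when the version lies in a range the advisory lists as affected.

    A milestone of the first fixed level (a hypothetical 11.0.3-M1) sorts before
    its GA build and is treated as unfixed. Branches the advisory does not list
    (e.g. 8.5.x, which is end of life) return False, meaning 'not evaluated by
    this advisory', not 'safe'.
    """
    major, minor, patch, milestone = parse_version(version)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return False
    if patch < fixed:
        return True
    return patch == fixed and milestone is not None


def _local(tag):
    """Strip the namespace ('{...}servlet' -> 'servlet') so one parser reads
    both the javaee (Tomcat 9) and jakartaee (Tomcat 10/11) schemas."""
    return tag.rsplit("}", 1)[-1]


def audit_default_servlet(web_xml_text):
    """Report the DefaultServlet write / partial-PUT posture from a conf/web.xml.

    Tomcat defaults apply when an init-param is absent. 'exposed' is True only
    when both advisory preconditions hold: writes enabled and partial PUT
    allowed. The RCE branch's other conditions (file-based session persistence,
    a gadget library on the classpath) are not visible in web.xml.
    """
    root = ET.fromstring(web_xml_text)
    params = {}
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-name"), "")
        if name.strip() != "default":
            continue
        for ip in servlet:
            if _local(ip.tag) == "init-param":
                kv = {_local(c.tag): (c.text or "").strip() for c in ip}
                params[kv.get("param-name", "")] = kv.get("param-value", "")
    readonly = params.get("readonly", "true").lower() == "true"
    partial_put = params.get("allowPartialPut", "true").lower() == "true"
    return {
        "writes_enabled": not readonly,
        "partial_put_enabled": partial_put,
        "exposed": (not readonly) and partial_put,
    }


def _web_xml(readonly, allow_partial_put=None):
    """Build a constructed conf/web.xml fragment declaring the DefaultServlet."""
    extra = "" if allow_partial_put is None else (
        "    <init-param><param-name>allowPartialPut</param-name>"
        f"<param-value>{allow_partial_put}</param-value></init-param>\n")
    return f"""<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>{readonly}</param-value></init-param>
{extra}    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""


# Risky: writes enabled, allowPartialPut left at its default (enabled).
VULNERABLE_WEB_XML = _web_xml("false")
# Hardened: writes disabled (the Tomcat default) and partial PUT disabled explicitly.
HARDENED_WEB_XML = _web_xml("true", "false")

if __name__ == "__main__":
    for v in ("9.0.98", "9.0.99", "10.1.34", "11.0.0-M1", "11.0.3", "8.5.100"):
        print(f"{v:10} affected={is_affected(v)}")
    print("risky web.xml:   ", audit_default_servlet(VULNERABLE_WEB_XML))
    print("hardened web.xml:", audit_default_servlet(HARDENED_WEB_XML))
```

Run it against the version string reported by `catalina.sh version` and the server's own conf/web.xml. The audit only covers the two DefaultServlet preconditions that both attack branches share; the remaining RCE conditions (a PersistentManager with a FileStore at the default location, a deserialization gadget on the application classpath) live in context.xml and the webapp's libraries and need a separate review. Upgrading to the fixed release is the actual remediation; setting `readonly` true and `allowPartialPut` false is the compensating control while the upgrade is scheduled.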
Vulnerability title
Apache Tomcat environmental issue vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States) that provides support for Servlet and JavaServer Pages (JSP). Apache Tomcat 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34 and 9.0.0.M1 through 9.0.98 contain an environmental issue vulnerability. An attacker can exploit it to execute code remotely or disclose sensitive information.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Environmental issue
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for vulnerability CVE-2025-24813
No. | Description | Source link
1 | Apache Tomcat remote code execution vulnerability batch detection script (CVE-2025-24813) | https://github.com/iSee857/CVE-2025-24813-PoC
2 | CVE-2025-24813_POC | https://github.com/N0c1or/CVE-2025-24813_POC
3 | Security Researcher | https://github.com/gregk4sec/CVE-2025-24813
4 | This repository contains an automated Proof of Concept (PoC) script for exploiting CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met. | https://github.com/absholi7ly/POC-CVE-2025-24813
5 | cve-2025-24813 verification script | https://github.com/FY036/cve-2025-24813_poc
6 | CVE-2025-24813 exploitation tool | https://github.com/charis3306/CVE-2025-24813
7 | CVE-2025-24813 - Apache Tomcat Vulnerability Scanner | https://github.com/issamjr/CVE-2025-24813-Scanner
8 | Nuclei Template CVE-2025-24813 | https://github.com/imbas007/CVE-2025-24813-apache-tomcat
9 | Apache Tomcat Remote Code Execution (RCE) Exploit - CVE-2025-24813 | https://github.com/msadeghkarimi/CVE-2025-24813-Exploit
10 | No description | https://github.com/naikordian/CVE-2025-24813
11 | Apache Tomcat Vulnerability POC (CVE-2025-24813) | https://github.com/michael-david-fry/Apache-Tomcat-Vulnerability-POC-CVE-2025-24813
12 | Resources for the Apache Tomcat CVE lab | https://github.com/ps-interactive/lab-cve-2025-24813
13 | POC for CVE-2025-24813 using Spring-Boot | https://github.com/n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813
14 | CVE-2025-24813 Apache Tomcat RCE Proof of Concept (PoC) | https://github.com/Alaatk/CVE-2025-24813-POC
15 | No description | https://github.com/MuhammadWaseem29/CVE-2025-24813
16 | A PoC for CVE-2025-24813 | https://github.com/tonyarris/CVE-2025-24813-PoC
17 | Session Exploit | https://github.com/beyond-devsecops/CVE-2025-24813
18 | A playground to test the RCE exploit for tomcat CVE-2025-24813 | https://github.com/u238/Tomcat-CVE_2025_24813
19 | Create lab for CVE-2025-24813 | https://github.com/AlperenY-cs/CVE-2025-24813
20 | This repository contains a shell script based POC on Apache Tomcat CVE-2025-24813. It allows you to easily test the vulnerability on any version of Apache Tomcat | https://github.com/manjula-aw/CVE-2025-24813
21 | No description | https://github.com/B1gN0Se/Tomcat-CVE-2025-24813
22 | simple exp for CVE-2025-24813 | https://github.com/AsaL1n/CVE-2025-24813
23 | CVE-2025-24813-POC JSP Web Shell Uploader | https://github.com/La3B0z/CVE-2025-24813-POC
24 | No description | https://github.com/Heimd411/CVE-2025-24813-noPoC
25 | Hello researchers, I have a checker for the recent vulnerability CVE-2025-24813-checker. | https://github.com/horsehacks/CVE-2025-24813-checker
26 | No description | https://github.com/GadaLuBau1337/CVE-2025-24813
27 | A simple, easy-to-use POC for CVE-2025-24813 (Apache Tomcat versions below 9.0.99). | https://github.com/f8l124/CVE-2025-24813-POC
28 | CVE-2025-24813 poc | https://github.com/Franconyu/Poc_for_CVE-2025-24813
29 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24813.yaml
30 | No description | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Tomcat%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-24813.md
31 | No description | https://github.com/vulhub/vulhub/blob/master/tomcat/CVE-2025-24813/README.md
32 | No description | https://github.com/Mattb709/CVE-2025-24813-PoC-Apache-Tomcat-RCE
33 | CVE-2025-24813-Scanner is a Python-based vulnerability scanner that detects Apache Tomcat servers vulnerable to CVE-2025-24813, an arbitrary file upload vulnerability leading to remote code execution (RCE) via insecure PUT method handling and jsessionid exploitation. | https://github.com/Mattb709/CVE-2025-24813-Scanner
34 | PoC script for the vulhub environment of CVE-2025-24813 | https://github.com/Erosion2020/CVE-2025-24813-vulhub
35 | Proof of Concept (PoC) script for CVE-2025-24813, vulnerability in Apache Tomcat. | https://github.com/hakankarabacak/CVE-2025-24813
36 | Remote Code Execution (RCE) vulnerability in Apache Tomcat. | https://github.com/Eduardo-hardvester/CVE-2025-24813
37 | No description | https://github.com/fatkz/CVE-2025-24813
38 | PoC for CVE-2025-24813 | https://github.com/maliqto/PoC-CVE-2025-24813
39 | Apache Tomcat - Remote Code Execution via Session Deserialization (CVE-2025-24813) | https://github.com/mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-
40 | Tomcat CVE-2025-24813 deserialization RCE environment | https://github.com/x1ongsec/CVE-2025-24813
41 | No description | https://github.com/yaleman/cve-2025-24813-poc
42 | POC | https://github.com/GongWook/CVE-2025-24813
43 | Proof of Concept for CVE-2025-24813, a Remote Code Execution vulnerability in Apache Tomcat. This PoC exploits unsafe deserialization via crafted session files uploaded through HTTP PUT requests, allowing attackers to execute arbitrary code remotely on vulnerable Tomcat servers. | https://github.com/sentilaso1/CVE-2025-24813-Apache-Tomcat-RCE-PoC
44 | A tool that identifies writable web directories in Apache Tomcat via HTTP PUT method [CVE-2025-24813] | https://github.com/x00byte/PutScanner
45 | No description | https://github.com/uzairhaider502/CVE-2025-24813
46 | Apache Tomcat PUT JSP RCE - CVE-2025-24813 - Exploit & PoC | https://github.com/Shivshantp/CVE-2025-24813
III. Threat intelligence for vulnerability CVE-2025-24813
IV. Comments on vulnerability CVE-2025-24813

No comments yet