关联漏洞
标题:
Apache Tomcat 环境问题漏洞
(CVE-2025-24813)
描述:Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 11.0.0-M1至11.0.2版本、10.1.0-M1至10.1.34版本和9.0.0.M1至9.0.98版本存在环境问题漏洞。攻击者利用该漏洞可以远程执行代码或泄露敏感信息。
介绍
# CVE-2025-24813 - Apache Tomcat Remote Code Execution Exploit
This is a proof-of-concept (PoC) exploit for **CVE-2025-24813**, a vulnerability in Apache Tomcat (9.0.80–9.0.83, 10.1.0–10.1.17) that allows remote code execution (RCE) via session deserialization.
The exploit abuses partial PUT requests and the PersistentManager session storage mechanism to achieve code execution.
## Description
Apache Tomcat incorrectly handles incomplete file uploads.
An attacker can upload a crafted serialized Java object as a `.session` file into the `work/` directory by sending a partial PUT request with a `Content-Range` header.
Once uploaded, the malicious session is automatically deserialized by Tomcat when a request with a matching `JSESSIONID` cookie is received, leading to arbitrary code execution.
## Requirements
- Apache Tomcat 9.0.80–9.0.83 or 10.1.0–10.1.17
- DefaultServlet `readonly=false`
- PersistentManager and FileStore configured
- ysoserial or similar tool to generate payloads
## Usage
```bash
python3 exploit_cve202524813.py <target_url> <payload_file> <session_id> <trigger_path>
文件快照
[4.0K] /data/pocs/1b512ae187b2492b976f75604eead6ea0b218deb
├── [2.0K] exploit.py
└── [1.1K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。