关联漏洞
标题:
Apache Tomcat 环境问题漏洞
(CVE-2025-24813)
描述:Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 11.0.0-M1至11.0.2版本、10.1.0-M1至10.1.34版本和9.0.0.M1至9.0.98版本存在环境问题漏洞。攻击者利用该漏洞可以远程执行代码或泄露敏感信息。
描述
Proof of Concept for CVE-2025-24813, a Remote Code Execution vulnerability in Apache Tomcat. This PoC exploits unsafe deserialization via crafted session files uploaded through HTTP PUT requests, allowing attackers to execute arbitrary code remotely on vulnerable Tomcat servers.
介绍
# CVE-2025-24813 Apache Tomcat RCE PoC
## Description
This is a Proof of Concept (PoC) for CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability arises from unsafe deserialization of crafted session files uploaded via HTTP PUT requests, allowing attackers to execute arbitrary code remotely on vulnerable Tomcat servers.
## Vulnerability Details
- **CVE ID:** CVE-2025-24813
- **Affected Software:** Apache Tomcat (versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34, 11.0.0-M1 to 11.0.2)
- **Type:** Remote Code Execution (RCE)
- **Attack Vector:** HTTP PUT with crafted session payload + HTTP GET to trigger deserialization
- **Impact:** Remote attacker can execute arbitrary Java code on the server
## Prerequisites
- Target must be running a vulnerable version of Apache Tomcat
- HTTP PUT requests must be allowed to upload files to a writable directory
- Ability to trigger deserialization by accessing the uploaded session file
- Java environment for generating payloads (e.g., using ysoserial)
## Usage
1. Generate payload (optional, if not included):
java -jar ysoserial.jar CommonsCollections1 "your_command" > payload.ser
2. Run the PoC script:
python3 CVE-2025-24813.py <target_url> [options]
3. The script will upload the malicious session file and trigger remote code execution.
## Disclaimer
This PoC is for educational and authorized testing purposes only. Do NOT use it on systems without explicit permission. The author is not responsible for any misuse or damage caused by this tool.
## References
- [Apache Tomcat Security Advisory](https://tomcat.apache.org/security.html)
- [CVE-2025-24813 Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813)
文件快照
[4.0K] /data/pocs/b107fabfd8ebac2c07e42a37e2c8ee019ed200b5
├── [7.2K] CVE-2025-24813.py
└── [1.7K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。