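PoC details: bdfbb1b452cb6fd7f1e74cd8bbf0b753c1b33ea0

Source
Related vulnerability
Title: Apache Tomcat environment issue vulnerability (CVE-2025-24813)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation (USA), used to implement support for Servlet and JavaServer Pages (JSP). Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 contain an environment issue vulnerability. An attacker can exploit this vulnerability to execute code remotely or disclose sensitive information.
Introduction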
# Apache Tomcat CVE-2025-24813 Proof of Concept (PoC)

![License](https://img.shields.io/badge/License-MIT-green.svg)
![Python](https://img.shields.io/badge/Python-3.x-blue.svg)

A proof-of-concept exploit for the Apache Tomcat deserialization vulnerability (CVE-2025-24813). This tool demonstrates how attackers could exploit insecure deserialization in Tomcat's session management.

**WARNING**: This tool is for authorized security testing and educational purposes only. Unauthorized use against systems you don't own is illegal.

## Features

- Supports both default (safe) and custom payloads
- SSL/TLS support (with optional verification bypass)
- Color-coded output for better visibility
- Interactive payload selection
- Configurable timeouts

## Requirements

- Python 3.x
- Required packages (installed with `pip install -r requirements.txt`):
  - `requests`
  - `colorama`

## Installation

```bash
git clone https://github.com/yourusername/CVE-2025-24813-PoC.git
cd CVE-2025-24813-PoC
pip install -r requirements.txt
```

## Usage

Basic usage:
```bash
python CVE-2025-24813-PoC.py -t 192.168.1.100 -p 8080
```

Advanced options:
```bash
python CVE-2025-24813-PoC.py \
  -t 10.0.0.1 \
  -p 8443 \
  --protocol https \
  --no-verify \
  --timeout 15
```

### Command Line Arguments
| Argument | Description | Required |
|----------|-------------|----------|
| `-t`, `--target` | Target IP address | Yes |
| `-p`, `--port` | Target port number | Yes |
| `--protocol` | `http` or `https` (default: http) | No |
| `--no-verify` | Disable SSL certificate verification | No |
| `--timeout` | Request timeout in seconds (default: 10) | No |

## Payload Options
1. **Default Payload**: Harmless serialized object (safe for detection)
2. **Custom Payload**: Hex-encoded payload from tools like ysoserial

## Example Output

```plaintext
[*] Apache Tomcat CVE-2025-24813 Exploit PoC 
[!] WARNING: For authorized testing only. Unauthorized use is illegal.

[*] Targeting http://192.168.1.100:8080

[*] Payload Options:
1. Use default dummy payload (safe, for detection)
2. Enter custom payload (hex-encoded, e.g., from ysoserial)
[?] Enter choice (1 or 2): 1
[*] Using default dummy payload.

[*] Attempting exploit...
[+] Success: Deserialization triggered (HTTP 500). Potential RCE if payload is malicious!
```
## Related Tools
For mass scanning vulnerable systems:  
🔍 [CVE-2025-24813-Scanner](https://github.com/Mattb709/CVE-2025-24813-Scanner) - Bulk detection tool for vulnerable Tomcat hosts

## Mitigation
If you're affected by this vulnerability:
1. Upgrade to the latest patched version of Apache Tomcat
2. Consider using a serialization filter
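
To decide which hosts need the upgrade, the following added example (not part of the PoC repository) checks a Tomcat version banner against the affected ranges given in the vulnerability description on this page. The function names, host labels and sample banners are constructed for illustration.

```python
import re

# Affected ranges as stated in the vulnerability description on this page
# (inclusive on both ends). Milestone builds sort before the final release.
AFFECTED = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0.M1", "9.0.98"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")

def parse_version(text):
    """Return a sortable tuple from strings such as 'Apache Tomcat/9.0.0.M1'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    # (0, n) for milestone n, (1, 0) for a final release, so M-builds sort first.
    stage = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch, stage)

def is_affected(text):
    """True if the version is inside a listed range; False only means 'not listed here'."""
    v = parse_version(text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def hosts_to_upgrade(inventory):
    return sorted(h for h, banner in inventory.items() if is_affected(banner))

# Constructed sample inventory (host label -> version banner); not real hosts.
SAMPLE = {
    "app-01": "Apache Tomcat/9.0.98",
    "app-02": "Apache Tomcat/9.0.99",
    "app-03": "Apache Tomcat/10.1.0-M1",
    "app-04": "Apache Tomcat/11.0.3",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE):
        print(f"{host}: {SAMPLE[host]} is in an affected range, upgrade")
```

A `False` result only means the version is outside the ranges listed on this page; branches the description does not mention are not assessed.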

## Legal Disclaimer
This software is provided under the MIT License. The author is not responsible for any misuse of this tool. Always obtain proper authorization before testing systems.

## License
MIT License - See [LICENSE](LICENSE) file for details.
File snapshot

```plaintext
[4.0K] /data/pocs/bdfbb1b452cb6fd7f1e74cd8bbf0b753c1b33ea0
├── [4.6K] CVE-2025-24813-PoC.py
├── [1.0K] LICENSE
├── [2.8K] README.md
└── [  50] requirements.txt

0 directories, 4 files
```