Related vulnerability
Title: Apache Tomcat security vulnerability (CVE-2025-55752)
Description: Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States) that provides support for Servlets and JavaServer Pages (JSP). Apache Tomcat contains a security vulnerability caused by a path traversal flaw in the handling of URL rewrite rules, which can lead to a bypass of security constraints and to remote code execution. The following versions are affected: 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.0.M11 through 9.0.108, and 8.5.6 through 8.5.100.
Description
CVE-2025-55752
Introduction
# 🚨 CVE‑2025‑55752 — Apache Tomcat Directory Traversal / RCE Regression
### 📌 Summary
A regression in Apache Tomcat's URL rewrite handling reintroduced a **Relative Path Traversal** weakness: when a rewrite rule copies query parameters into the URL path, the rewritten URL is normalized *before* it is percent-decoded. An encoded `..` segment (for example `%2e%2e/`) therefore survives normalization and only becomes `../` afterwards, so a crafted URL can reach resources under `/WEB-INF/` and `/META-INF/` that Tomcat's security constraints are meant to hide (such as `WEB-INF/web.xml`). If HTTP PUT is also enabled, the same traversal lets an attacker write a file such as a JSP into the web application, which can lead to **Remote Code Execution (RCE)**.
---
### 📋 Affected Versions
| Tomcat Branch | Vulnerable Versions |
| ------------- | ------------------- |
| 11 | 11.0.0‑M1 → 11.0.10 |
| 10.1 | 10.1.0‑M1 → 10.1.44 |
| 9.0 | 9.0.0‑M11 → 9.0.108 |
| 8.5 / EOL | 8.5.6 → 8.5.100 |
**Mitigation:** Upgrade to **11.0.11**, **10.1.45**, or **9.0.109** (or later). The 8.5 branch is end-of-life and received no fix; deployments on 8.5.x need to migrate to a supported branch.
---
### ⚠️ Severity
* **CVSS v3.1 Score:** 7.5 (High)
* **Impact:** Read access to files under `/WEB-INF/` and `/META-INF/` that security constraints are supposed to deny; with HTTP PUT enabled, arbitrary file write into the web application, which can be escalated to remote code execution.
* **Attack Complexity:** Configuration-dependent. The traversal needs a rewrite rule that substitutes query-string values into the URL path; the RCE path additionally needs HTTP PUT (DefaultServlet with `readonly=false`, which is not the default).
---
### 🔍 Attack Vector
1. The server runs Tomcat's `RewriteValve` with a rule that copies a query parameter (attacker-controlled, not percent-decoded) into the URL path.
2. The rewritten URL is normalized before it is decoded, so an encoded traversal sequence such as `%2e%2e/` passes the normalization step untouched and only turns into `../` afterwards.
3. The resulting path escapes the directory the rule intended and reaches `/WEB-INF/` or `/META-INF/`, bypassing the security constraints that reject direct requests to those prefixes (for example, reading `WEB-INF/web.xml`).
4. If HTTP PUT is enabled (DefaultServlet `readonly=false`), the same traversal lets an attacker write a file such as a JSP into the web application and then request it, which yields RCE.
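The ordering problem in steps 1 and 2 is easier to see in a small model. The following is an added illustration, not Tomcat's code and not the PoC script from this repository: it models a hypothetical rewrite rule (`/get?file=<x>` becomes `/docs/<x>`), a constraint check for the protected prefixes, and the two possible orders of normalize and decode. The rule, the `DOC_BASE` path and the function names are assumptions for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Simplified model of the request path pipeline. The rewrite rule and the
# docBase are assumptions for illustration; this is not Tomcat's code.
DOC_BASE = "/opt/tomcat/webapps/ROOT"
PROTECTED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def rewrite(request_target: str) -> str:
    """Hypothetical rewrite rule: /get?file=<x> becomes /docs/<x>.

    The query-string value is substituted as-is (still percent-encoded),
    which is the situation the advisory describes: query parameters are
    rewritten into the URL without being decoded first.
    """
    parts = urlsplit(request_target)
    if parts.path != "/get":
        return parts.path
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if key == "file":
            return "/docs/" + value
    return parts.path


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments. Only literal dots are segments here;
    an encoded '%2e%2e' is an ordinary path component to this step."""
    return posixpath.normpath(path)


def is_protected(path: str) -> bool:
    """Security constraint: deny anything under /WEB-INF/ or /META-INF/."""
    return path.upper().startswith(PROTECTED_PREFIXES)


def resolve_vulnerable(request_target: str):
    """Regressed order: normalize, then decode, then check.
    Returns the path that would be served, or None if rejected."""
    path = rewrite(request_target)
    path = normalize(path)   # '%2e%2e' survives untouched
    path = unquote(path)     # ...and only now becomes '..'
    return None if is_protected(path) else path


def resolve_fixed(request_target: str):
    """Correct order: decode, then normalize, then check."""
    path = rewrite(request_target)
    path = unquote(path)
    path = normalize(path)   # '..' is collapsed into /WEB-INF/... and caught
    return None if is_protected(path) else path


def served_file(path: str) -> str:
    """Filesystem path a file-serving servlet would end up opening: the OS
    collapses any '..' that slipped past the check."""
    return posixpath.normpath(DOC_BASE + path)


if __name__ == "__main__":
    target = "/get?file=%2e%2e/WEB-INF/web.xml"
    vuln = resolve_vulnerable(target)
    print("vulnerable order:", vuln, "->", served_file(vuln))
    print("fixed order:     ", resolve_fixed(target))
```

Note the two contrasting inputs: a literal `../WEB-INF/web.xml` is stopped even by the vulnerable order, because normalization collapses it into `/WEB-INF/web.xml` before the check; only the percent-encoded form slips through.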
---
### Usage Examples:
The script is a plain HTTP client and does not need root privileges; run it as an unprivileged user.
**Check whether path traversal into the protected directories is possible (no upload is attempted):**
```bash
python3 CVE-2025-55752.py http://target:8080 --check
```
**Attempt to upload a JSP file via HTTP PUT and test the access bypass:**
```bash
python3 CVE-2025-55752.py http://target:8080
```
**🔧 Customize the uploaded filename and payload content:**
```bash
python3 CVE-2025-55752.py http://target:8080 --filename exploit.jsp --payload "<% out.println('PWNED'); %>"
```
---
### 🛠 Mitigation & Recommendations
✅ **Upgrade Tomcat** — Move to 11.0.11, 10.1.45 or 9.0.109 (or later); 8.5 is end-of-life and must be migrated to a supported branch.
✅ **Keep HTTP PUT disabled** — Leave the DefaultServlet's `readonly` init parameter at its default of `true` (in `conf/web.xml` or the application's `WEB-INF/web.xml`) unless an application genuinely needs PUT; without PUT this bug is limited to reading protected files.
✅ **Harden rewrite rules** — Review every `RewriteRule` that substitutes query-string values into the path; allow-list the expected values and reject anything containing `.`, `/` or percent-encoding before it reaches the path.
✅ **Enforce access control** — Keep security constraints on protected paths and administrative endpoints in place, and never rely on rewrite rules alone to hide them.
✅ **Use WAF / logging** — Alert on request lines containing encoded or literal `..` sequences aimed at `WEB-INF` or `META-INF`, and on any PUT whose target ends in `.jsp`.
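The logging recommendation above can be turned into a concrete check. The following is an added example, not part of the original README or of the PoC repository: it parses Tomcat `AccessLogValve` lines in the default `common` pattern (`%h %l %u %t "%r" %s %b`) and flags the indicators this advisory cares about (literal, encoded or double-encoded `..`, a `WEB-INF`/`META-INF` target, and PUT requests, especially of `.jsp` files). The sample log lines are constructed for the example, not real traffic, and the indicator names are my own.

```python
import re
from urllib.parse import unquote

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)
PROTECTED_RE = re.compile(r'/(WEB-INF|META-INF)(/|$)', re.I)
ENCODED_DOT_RE = re.compile(r'%(25)?2e', re.I)   # %2e, or double-encoded %252e
JSP_RE = re.compile(r'\.jspx?(\?|$)', re.I)

# Constructed sample lines (not real traffic): a benign request, a traversal
# through a query parameter, a PUT of a JSP through the same path, a literal
# traversal that Tomcat rejected, and another benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2025:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2025:12:00:02 +0000] "GET /get?file=%2e%2e/WEB-INF/web.xml HTTP/1.1" 200 1834
10.0.0.9 - - [10/Oct/2025:12:00:03 +0000] "PUT /get?file=%2e%2e/WEB-INF/shell.jsp HTTP/1.1" 201 -
10.0.0.9 - - [10/Oct/2025:12:00:04 +0000] "GET /docs/../WEB-INF/web.xml HTTP/1.1" 404 -
10.0.0.7 - - [10/Oct/2025:12:00:05 +0000] "GET /get?file=readme.txt HTTP/1.1" 200 88
"""


def classify(method: str, target: str) -> list:
    """Return the indicators found in one request line, in a fixed order."""
    decoded = unquote(unquote(target))          # two rounds so %252e is seen too
    segments = re.split(r'[/?&=;]', decoded)   # query values are split like path parts
    reasons = []
    if '..' in segments:
        reasons.append('traversal')
    if ENCODED_DOT_RE.search(target):          # raw line: encoding itself is suspicious
        reasons.append('encoded-dot')
    if PROTECTED_RE.search(decoded):
        reasons.append('protected-dir')
    if method == 'PUT':
        reasons.append('put')
        if JSP_RE.search(decoded):
            reasons.append('jsp-upload')
    return reasons


def is_high_risk(reasons: list) -> bool:
    """Traversal that reaches a protected directory, or a JSP written via PUT."""
    r = set(reasons)
    return {'traversal', 'protected-dir'} <= r or {'put', 'jsp-upload'} <= r


def analyze(log_text: str) -> list:
    """Parse access-log text and return one finding per suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                            # not in the expected pattern; skip
        reasons = classify(m['method'], m['target'])
        if reasons:
            findings.append({
                'host': m['host'], 'method': m['method'], 'target': m['target'],
                'status': m['status'], 'reasons': reasons,
                'high': is_high_risk(reasons),
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        flag = "HIGH" if f['high'] else "info"
        print(f"{flag:4} {f['host']} {f['method']} {f['status']} {f['target']} {f['reasons']}")
```

The status code is kept in each finding on purpose: a `200` on a traversal to `WEB-INF/web.xml`, or a `201` on a PUT, is the difference between an attempt and a likely success, and a `404`/`403` on the literal form is the expected behaviour of a patched server.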
---
### 🧭 Key Takeaways
* A regression can silently reintroduce a class of bug (here, path traversal) that was already fixed once; "fixed software" still needs re-testing after upgrades.
* URL rewrite logic that moves untrusted input into the path, and writable HTTP endpoints such as PUT, are high-risk vectors when misconfigured; together they turn a file-read primitive into code execution.
* Regular patching, secure configuration, and monitoring are essential to prevent exploitation.
---
File snapshot
[4.0K] /data/pocs/dd2e9c52023d9a575a4ff51694aa4b547e075e6f
├── [2.9K] CVE-2025-55752.py
├── [2.5K] README.md
└── [ 57] requirements.txt
1 directory, 3 files
Notes
1. Prefer accessing the PoC through its original source.
2. If the source is no longer available or cannot be reached, e-mail f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.