CVE-2025-24813 PoC — Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Source

Associated Vulnerability

Title:Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)
Description:Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

Description

A tool that identifies writable web directories in Apache Tomcat via HTTP PUT method [CVE-2025-24813]

Readme

# 🔍 PUT Directory Scanner

A penetration testing tool that identifies writable web directories via HTTP PUT method, specifically designed to detect **CVE-2025-24813** (Arbitrary File Upload in Apache Tomcat).
## 📌 Features

- **Smart Protocol Handling**: Auto-detects HTTPS/HTTP with fallback
- **Comprehensive Checks**: Tests all common Tomcat directories
- **Two-Stage Verification**: PUT + GET validation to eliminate false positives
- **Pentester-Friendly Output**: Color-coded results with manual verification commands
- **CVE-Focused**: Optimized for detecting assets with pre-requisites for CVE-2025-24813 

## 🚀 Installation

```bash
git clone https://github.com/x00byte/PutScanner.git
cd PutScanner
```

## 🛠️ Usage

### Basic Scan
```bash
./putscanner.py target.com:8080
```
![PUT Scanner Banner](assets/banner.jpg) <!-- Your main promotional image here -->
### Advanced Options
| Flag            | Description                          |
|-----------------|--------------------------------------|
| `-v`            | Verbose mode                         |
| `--ignore-ssl`  | Bypass SSL certificate verification |
| `-f targets.txt`| Scan multiple targets from file      |

## 🖥️ Demonstration

## 🧪 Test Environment Setup

1. Start the included test server:
```bash
python3 test_server.py
```

2. Run the scanner against it:
```bash
./putscanner.py http://localhost:8080 -v
```

## Live Test Results

Below is a demonstration of putscanner in use and the different scenarios it can test for.


![Test Server Scan Results](assets/test-scan.png) <!-- Your test server screenshot here -->

```

## 📜 Legal Disclaimer

**WARNING**: This tool is intended for **authorized penetration testing only**.
Unauthorized use against systems without explicit permission is illegal.


## 📄 License

MIT License - See [LICENSE](LICENSE) for full text.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!