关联漏洞
标题:
Apache Tomcat 环境问题漏洞
(CVE-2025-24813)
描述:Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 11.0.0-M1至11.0.2版本、10.1.0-M1至10.1.34版本和9.0.0.M1至9.0.98版本存在环境问题漏洞。攻击者利用该漏洞可以远程执行代码或泄露敏感信息。
介绍
# CVE-2025-24813 Apache Tomcat RCE Exploit PoC
This repository contains a proof-of-concept exploit for CVE-2025-24813, a Java
deserialization vulnerability in Apache Tomcat.
Based on
[absholi7ly/POC-CVE-2025-24813/](https://github.com/absholi7ly/POC-CVE-2025-24813/).
## Prerequisites
- Docker
## Setup
1. Install dependencies:
```bash
uv venv
source .venv/bin/activate
uv sync
```
2. Download ysoserial:
```bash
./download.sh
```
## Usage
### Using Docker (Recommended)
Build and run the exploit in a container:
```bash
docker build -t cve-2025-24813-poc:latest .
docker run --rm -it --mount "type=bind,src=$(pwd),target=/app" cve-2025-24813-poc:latest
python main.py <target>
```
### Direct Execution
Run the exploit directly:
```bash
python main.py <target_url> [options]
```
#### Options
- `--command`: Command to execute (default: `calc.exe`)
- `--ysoserial`: Path to ysoserial.jar (default: `./ysoserial-all.jar`)
- `--gadget`: ysoserial gadget chain (default: `CommonsCollections6`)
- `--payload_type`: Payload type - `ysoserial` or `java` (default: `ysoserial`)
- `--no-ssl-verify`: Disable SSL verification
#### Examples
```bash
# Basic usage
python main.py http://target:8080
# Custom command
python main.py http://target:8080 --command "whoami"
# Using Java payload instead of ysoserial
python main.py http://target:8080 --payload_type java
```
## How it Works
1. Checks if the target servlet is writable via PUT requests
2. Generates a malicious serialized Java payload
3. Uploads the payload as a session file
4. Triggers deserialization by accessing the session
## Disclaimer
This tool is for educational and authorized testing purposes only. Do not use
against systems you do not own or have explicit permission to test.
## References
- <https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html>
- <https://nvd.nist.gov/vuln/detail/CVE-2025-24813>
- <https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-14-Testing-CVE-2025-24813.md>
文件快照
[4.0K] /data/pocs/ff1fc3f4e0756299aa56b4708df0fe70611af83a
├── [ 182] CLAUDE.md
├── [1.6K] context.xml
├── [1.4K] context.xml.original
├── [ 204] Dockerfile
├── [1.6K] Dockerfile.vulnerable
├── [ 699] download.sh
├── [ 12K] index.jsp
├── [ 12K] index.jsp.original
├── [ 280] index.jsp.other
├── [ 678] justfile
├── [ 11K] main.py
├── [2.2K] payload.base64
├── [ 341] pyproject.toml
├── [2.0K] README.md
├── [ 393] ROOT.xml
├── [ 60K] uv.lock
├── [168K] web.xml
└── [168K] web.xml.original
0 directories, 18 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。