Create lab for CVE-2025-24813# Apache Tomcat Unauthenticated RCE - CVE-2025-24813
This repository provides a guide and testing environment to assess the **CVE-2025-24813** vulnerability.
## Details
**Affected Versions:**
- Apache Tomcat 11.0.0-M1 to 11.0.2
- Apache Tomcat 10.1.0-M1 to 10.1.34
- Apache Tomcat 9.0.0.M1 to 9.0.98
## References
- [CVE-2025-24813 Advisory](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813)
- [Apache Announcement](https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq)
## Steps to Test the Vulnerability
1. Run the following command to build and start the vulnerable Apache Tomcat container
```
docker build -t v-tomcat .
docker run -d -p 1234:8080 --name tomcat-lab v-tomcat
If the ROOT folder is not created;
docker exec -it tomcat-lab mkdir -p /usr/local/tomcat/webapps/ROOT
```
2. Upload a file with curl
```
curl -X PUT -H "Content-Type: application/octet-stream" --data-binary "vuln3r4bl3" http://localhost:1234/vln
```
3. Verify the upload: If the response contains "vuln3r4bl3", it indicates that the upload was successful.
```
curl -X GET http://localhost:1234/vln
```
⚠️ Disclaimer
This lab is intended for educational and security research purposes only. Do not deploy this configuration on production systems.
登录后查看神龙缓存的 POC 文件快照
登录查看