Conversation
buherator
buherator
[oss-security] CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
https://seclists.org/oss-sec/2025/q1/197
"If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack"
https://seclists.org/oss-sec/2025/q1/197
"If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack"
0
3
4