VID | 210291 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
The version of Tomcat installed on the remote host is prior to 10.1.35. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.35_security-10 advisory.
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
  If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
  - writes enabled for the default servlet (disabled by default)
  - support for partial PUT (enabled by default)
  - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  - attacker knowledge of the names of security sensitive files being uploaded
  - the security sensitive files also being uploaded via partial PUT
  If all of the following were true, a malicious user was able to perform remote code execution:
  - writes enabled for the default servlet (disabled by default)
  - support for partial PUT (enabled by default)
  - application was using Tomcat's file based session persistence with the default storage location
  - application included a library that may be leveraged in a deserialization attack
  Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. (CVE-2025-24813)
* References: https://github.com/apache/tomcat/commit/f6c01d6577cf9a1e06792be47e623d36acc3b5dc https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.35
* Platforms Affected: Apache Tomcat Server versions 10.1.x prior to 10.1.35; any operating system, any version |
Recommendation |
Upgrade to the latest version of Apache Tomcat Server (10.1.35 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/. Until the upgrade is applied, confirm that the Default Servlet has not been configured with readonly=false (in conf/web.xml or in any application's WEB-INF/web.xml): writes are disabled by default, and both attack paths described above require them to be enabled. |
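Worked check, added here as an example and not part of the scanner record or of Tomcat's own code: it classifies a reported Tomcat version against the affected ranges listed in the description (handling the 10.1.0-M1 and 9.0.0.M1 milestone forms, which sort before the GA build of the same number) and inspects a web.xml for the two configuration preconditions the advisory names. The init-param name readonly and its default of true are documented DefaultServlet behaviour; allowPartialPut is assumed here to be the DefaultServlet init-param the fixed releases provide for turning partial PUT off, and the two web.xml documents are constructed samples.

```python
"""Added example: classify a Tomcat version against the CVE-2025-24813 ranges
and inspect a web.xml for the DefaultServlet preconditions the advisory names.
Not the scanner's or Tomcat's own code."""
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the advisory; every earlier build of the same
# branch (including milestone M-builds) is in the affected range.
FIXED_IN = {"9.0": "9.0.99", "10.1": "10.1.35", "11.0": "11.0.3"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")


def parse_version(text):
    """Turn '10.1.34', '10.1.0-M1' or '9.0.0.M1' into a sortable tuple.
    A milestone sorts before the GA release carrying the same number."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    ga_rank = 0 if milestone else 1  # M-builds first, then GA
    return (int(major), int(minor), int(patch), ga_rank, int(milestone or 0))


def is_affected(text):
    """True/False for branches the advisory covers; None for branches it
    does not mention (e.g. 8.5.x), which need a separate advisory lookup."""
    v = parse_version(text)
    branch = f"{v[0]}.{v[1]}"
    if branch not in FIXED_IN:
        return None
    return v < parse_version(FIXED_IN[branch])


def _local(el):
    """Tag name without the XML namespace (web.xml files use several)."""
    return el.tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml_text):
    """init-params of the DefaultServlet declaration in a web.xml (Tomcat's
    conf/web.xml or an application's WEB-INF/web.xml); {} if none."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet) != "servlet":
            continue
        cls = [(c.text or "").strip() for c in servlet if _local(c) == "servlet-class"]
        if cls != ["org.apache.catalina.servlets.DefaultServlet"]:
            continue
        params = {}
        for ip in (c for c in servlet if _local(c) == "init-param"):
            name = value = None
            for c in ip:
                if _local(c) == "param-name":
                    name = (c.text or "").strip()
                elif _local(c) == "param-value":
                    value = (c.text or "").strip()
            if name is not None:
                params[name] = value
        return params
    return {}


def exploitable_preconditions(web_xml_text):
    """The two configuration preconditions the advisory lists.
    'readonly' defaults to true (writes off). 'allowPartialPut' is assumed
    here to be the DefaultServlet init-param the fixed releases provide for
    turning partial PUT off; absent means enabled, as the advisory states."""
    p = default_servlet_params(web_xml_text)
    return {
        "writes_enabled": p.get("readonly", "true").lower() == "false",
        "partial_put_enabled": p.get("allowPartialPut", "true").lower() != "false",
    }


# Constructed samples: an application web.xml re-declaring the default
# servlet with writes enabled, and the hardened equivalent.
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>
"""

HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>",
    "<param-value>true</param-value>",
).replace(
    "</init-param>",
    "</init-param>\n    <init-param><param-name>allowPartialPut</param-name>"
    "<param-value>false</param-value></init-param>",
)

if __name__ == "__main__":
    for ver in ("10.1.34", "10.1.35", "9.0.0.M1", "11.0.0-M1", "8.5.100"):
        print(f"{ver:>10}: affected={is_affected(ver)}")
    print("weak    :", exploitable_preconditions(WEAK_WEB_XML))
    print("hardened:", exploitable_preconditions(HARDENED_WEB_XML))
```

A version match alone means the code is present; the web.xml result tells you whether the deployment is in the exploitable state the advisory describes. Note that an application's WEB-INF/web.xml can re-declare the default servlet, so check every deployed application, not only conf/web.xml.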
Related URL | CVE-2025-24813 (CVE) |