VID | 210292
Severity | 40
Port | 80, ...
Protocol | TCP
Class | WWW
Detailed Description |
The version of Tomcat installed on the remote host is prior to 11.0.3. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.3_security-11 advisory.
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

  If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
  - writes enabled for the default servlet (disabled by default)
  - support for partial PUT (enabled by default)
  - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  - attacker knowledge of the names of security sensitive files being uploaded
  - the security sensitive files also being uploaded via partial PUT

  If all of the following were true, a malicious user was able to perform remote code execution:
  - writes enabled for the default servlet (disabled by default)
  - support for partial PUT (enabled by default)
  - application was using Tomcat's file based session persistence with the default storage location
  - application included a library that may be leveraged in a deserialization attack

  Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue. (CVE-2025-24813)
* References:
  - https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c
  - https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.3
* Platforms Affected: Apache Tomcat Server versions 11.0.x prior to 11.0.3; any operating system; any version
Recommendation |
Upgrade to the latest version of Apache Tomcat Server (11.0.3 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/
Related URL | CVE-2025-24813 (CVE)