HTTP: Apache Tomcat Partial PUT Path Equivalence

This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack can lead to sensitive information disclosure.

Extended Description

Path Equivalence: 'file.Name' (Internal Dot) leading toRemote Code Execution and/or Information disclosureand/or malicious content added to uploaded files via write enabledDefault Servletin Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: -writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory ofa target URL for public uploads -attacker knowledge of the names of security sensitive files beinguploaded -the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) -support for partial PUT (enabled by default) -application was using Tomcat's file based session persistence with thedefault storage location -application included a library that may be leveraged in adeserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

Affected Products

Debian debian_linux

References

CVE: CVE-2025-24813

Short Name

HTTP:APACHE:TMCAT-PUT-PATH-EQVL

Severity

Critical

Recommended

True

Recommended Action

Drop

HTTP: Apache Tomcat Partial PUT Path Equivalence

Extended Description

Affected Products

References

Found a potential security threat?