{"uuid": "9d4055b4-5c68-46bb-b1d4-00098c6d906c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24813", "type": "seen", "source": "https://t.me/cvedetector/19979", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24813 - Apache Tomcat Default Servlet Path Equivalence Remote Code Execution and Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-24813 \nPublished : March 10, 2025, 5:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago \nDescription : Path Equivalence: 'file.Name' (Internal Dot) leading to\u00a0Remote Code Execution and/or Information disclosure\u00a0and/or malicious content added to uploaded files via write enabled\u00a0Default Servlet\u00a0in Apache Tomcat.  \n  \nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.  \n  \nIf all of the following were true, a malicious user was able to view       security sensitive files and/or inject content into those files:  \n-\u00a0writes enabled for the default servlet (disabled by default)  \n- support for partial PUT (enabled by default)  \n- a target URL for security sensitive uploads that was a sub-directory of\u00a0a target URL for public uploads  \n-\u00a0attacker knowledge of the names of security sensitive files being\u00a0uploaded  \n-\u00a0the security sensitive files also being uploaded via partial PUT  \n  \nIf all of the following were true, a malicious user was able to       perform remote code execution:  \n- writes enabled for the default servlet (disabled by default)  \n-\u00a0support for partial PUT (enabled by default)  \n-\u00a0application was using Tomcat's file based session persistence with the\u00a0default storage location  \n-\u00a0application included a library that may be leveraged in a\u00a0deserialization attack  \n  \nUsers are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-10T20:43:09.000000Z"}