Critical Apache Tomcat Vulnerability Enables Remote Code Execution – PoC Released

A vulnerability tracked as CVE-2025-24813 has been disclosed in Apache Tomcat. It affects multiple versions and, depending on the server's configuration, allows an attacker to read sensitive uploaded content, tamper with it, or execute code remotely.

The flaw is a path equivalence issue involving an internal dot in file names ('file.Name'), which becomes exploitable only when specific server configuration options are in place.

Proof-of-concept code demonstrating the exploitation techniques has been released, highlighting the urgent need for organizations to update their Apache Tomcat installations.

The newly discovered vulnerability presents attackers with several exploitation pathways, each requiring different preconditions to be met.

For the information disclosure and malicious content injection scenario, the vulnerability can be exploited when writes are enabled for the default servlet, partial PUT support is active, and the target URL used for public uploads is a sub-directory of the target URL used for security-sensitive uploads.

The attacker must also know the names of the security-sensitive files being uploaded, and those files must be uploaded via partial PUT requests.

Under these circumstances, malicious users can view security-sensitive files and inject arbitrary content into existing uploads, potentially compromising data integrity and confidentiality.

The remote code execution attack vector presents an even more severe threat to affected systems. This exploitation path requires writes to be enabled for the default servlet and partial PUT support to remain active, similar to the information disclosure variant.

However, the critical difference lies in the additional requirements of file-based session persistence using Tomcat’s default storage location and the presence of libraries vulnerable to deserialization attacks.

When these conditions align, attackers can achieve complete system compromise through remote code execution, potentially gaining full control over the affected server infrastructure.

Widespread Impact Across Multiple Tomcat Versions

The vulnerability affects an extensive range of Apache Tomcat versions currently deployed in production environments worldwide.

The impact spans three major version branches, affecting Apache Tomcat 11.0.0-M1 through 11.0.2, version 10.1.0-M1 through 10.1.34, and the widely-deployed 9.0.0.M1 through 9.0.98 series.

This broad version coverage suggests that numerous organizations may be running vulnerable instances, particularly given the popularity of Apache Tomcat as a web application server in enterprise environments.

The default configuration of Apache Tomcat provides some inherent protection, because write support in the default servlet is disabled by default (the DefaultServlet's readonly init-param defaults to true).

However, many production deployments change this setting to enable specific functionality, such as WebDAV-style uploads, and thereby expose themselves.

Partial PUT support, by contrast, is enabled by default (the allowPartialPut init-param defaults to true), so a deployment that sets readonly to false without also disabling partial PUT has met the first two preconditions for an attack.

Apache Tomcat maintainers have responded swiftly to address this critical vulnerability by releasing patched versions across all affected branches.

Users are strongly recommended to upgrade immediately to version 11.0.3, 10.1.35, or 9.0.99, depending on their current deployment.

These releases fix the path equivalence handling and close the attack scenarios described in the security advisory.

Organizations should prioritize this update given the potential for remote code execution and the availability of proof-of-concept exploitation code.

Until patching can be completed, system administrators should also review their current Tomcat configurations: confirm that the default servlet is not writable unless it genuinely has to be, disable partial PUT where it is not needed, and check whether file-based session persistence is in use with its default storage location.
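The following script is an added example, not code from the article or from the Apache Tomcat project. It turns the preconditions listed above (affected version, writable default servlet, partial PUT enabled, file-based session persistence in the default location) into checks an operator can run against a Tomcat version string, the conf/web.xml DefaultServlet declaration and a context.xml. The XML snippets at the bottom are constructed for the demo: one writable configuration as described above and one hardened form beside it. The init-param names readonly and allowPartialPut and the PersistentManager/FileStore class names are real Tomcat configuration; the function names and the output dictionary keys are this example's own.

```python
"""Audit helpers for the CVE-2025-24813 preconditions (added example)."""
import re
import xml.etree.ElementTree as ET

# First fixed release per affected branch: 9.0.99, 10.1.35, 11.0.3.
FIRST_FIXED = {(9, 0): 99, (10, 1): 35, (11, 0): 3}
# Accepts "9.0.98", "10.1.0-M1" and the older "9.0.0.M1" milestone style.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M\d+)?$")


def is_affected_version(version: str) -> bool:
    """True when the version lies in one of the advisory's affected ranges.
    Only the three listed branches are evaluated; anything else returns False."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    # Milestones (x.y.0-Mn) carry patch 0, so they sort below every fix.
    return fixed is not None and patch < fixed


def _local(tag: str) -> str:
    """Strip the XML namespace so web.xml from any Tomcat branch parses."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml: str) -> dict:
    """Return the init-params of the DefaultServlet declaration, if present."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = "".join(c.text or "" for c in servlet
                      if _local(c.tag) == "servlet-class").strip()
        if cls != "org.apache.catalina.servlets.DefaultServlet":
            continue
        params = {}
        for ip in (c for c in servlet if _local(c.tag) == "init-param"):
            fields = {_local(f.tag): (f.text or "").strip() for f in ip}
            if "param-name" in fields:
                params[fields["param-name"]] = fields.get("param-value", "")
        return params
    return {}


def uses_default_file_store(context_xml: str) -> bool:
    """True when sessions persist through a FileStore with no explicit
    directory, i.e. Tomcat's default location under the work directory."""
    root = ET.fromstring(context_xml)
    for mgr in root.iter("Manager"):
        if mgr.get("className") != "org.apache.catalina.session.PersistentManager":
            continue
        for store in mgr.iter("Store"):
            if (store.get("className") == "org.apache.catalina.session.FileStore"
                    and not store.get("directory")):
                return True
    return False


def audit(version: str, web_xml: str, context_xml: str) -> dict:
    """Combine the checks the way the advisory's preconditions combine."""
    params = default_servlet_params(web_xml)
    # Tomcat defaults: readonly=true, allowPartialPut=true.
    writable = params.get("readonly", "true").lower() == "false"
    partial_put = params.get("allowPartialPut", "true").lower() != "false"
    affected = is_affected_version(version)
    f = {
        "affected_version": affected,
        "default_servlet_writable": writable,
        "partial_put_enabled": partial_put,
        "default_file_session_store": uses_default_file_store(context_xml),
    }
    f["disclosure_path_open"] = affected and writable and partial_put
    # RCE additionally needs a deserialization gadget on the classpath, which
    # a configuration audit cannot see; this flag covers the config half only.
    f["rce_path_open"] = f["disclosure_path_open"] and f["default_file_session_store"]
    return f


# Constructed snippets for the demo: a writable DefaultServlet, the hardened
# form, and a context.xml using the default FileStore location.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
 <servlet><servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
 </servlet></web-app>"""
HARDENED_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
 <servlet><servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
  <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
 </servlet></web-app>"""
FILESTORE_CONTEXT_XML = """<Context>
 <Manager className="org.apache.catalina.session.PersistentManager">
  <Store className="org.apache.catalina.session.FileStore"/>
 </Manager></Context>"""

if __name__ == "__main__":
    for label, wx in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, audit("10.1.34", wx, FILESTORE_CONTEXT_XML))
```

Point `audit()` at the real files with `open("conf/web.xml").read()` and the deployed context.xml; a `rce_path_open` of True means every configuration-side precondition is met and only the presence of a gadget library separates the host from the RCE scenario, which a configuration audit cannot determine.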

The post Critical Apache Tomcat Vulnerability Enables Remote Code Execution – PoC Released appeared first on Cyber Security News.
