'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'

Posted by Scott_Ruecker on Mar 18, 2025 2:18 PM CST
The Register; By Iain Thompson
Mail this story
Print this story

One PUT request, one poisoned session file, and the server’s yours. A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: Apache

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.