Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack
July 3, 2025, 5:48 p.m.
Description
In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution, affecting millions of developers. The Tomcat vulnerability exploits partial PUT requests and session persistence features, while the Camel vulnerabilities involve header manipulation. Exploit attempts were observed from over 70 countries, with a surge in activity immediately after disclosure. The article provides detailed analysis of the vulnerabilities, including source code examination, exploitation methods, and telemetry data. It also outlines protection measures and mitigation strategies for affected systems.
Tags
Date
- Created: July 3, 2025, 11:10 a.m.
- Published: July 3, 2025, 11:10 a.m.
- Modified: July 3, 2025, 5:48 p.m.
Indicators
- 6b7912e550c66688c65f8cf8651b638defc4dbeabae5f0f6a23fb20d98333f6b
- 6a9a0a3f0763a359737da801a48c7a0a7a75d6fa810418216628891893773540
- 96.113.95.10
- 54.96.66.57
- 54.120.8.207
- 54.120.8.214
- 22.85.196.34
- 30.153.178.49
- 195.164.49.70
- 167.172.67.75
- 139.87.112.98
- 139.87.112.169
- 139.87.112.115
- 130.212.99.156
- 123.16.159.102
- 139.87.113.26
- 139.87.113.24
- 138.197.82.147
- 212.56.34.85
- 193.53.40.18
- 209.189.232.134
- 162.241.149.101
- 91.208.206.203