'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'

One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.…

Mar 18, 2025 - 02:42
 0
'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'

One PUT request, one poisoned session file, and the server’s yours

A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.…