Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack
Essential information
- Published
- 03/07/2025 11:10
- Modified
- 03/07/2025 17:48
- Tags
- 2025-07-03 CVE-2025-24813 CVE-2025-27636 CVE-2025-29891 apache exploit remote code execution tomcat vulnerability
- Related entities
- 12 vulnerabilities (cve), 23 observables, 6 techniques (mitre)
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (12)
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …
- Attack vector
- Network
- Published
- 29/04/2025
- Modified
- 21/12/2025
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. …
- Published
- 12/03/2025
- Modified
- 13/03/2025
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write …
- Published
- 10/03/2025
- Modified
- 03/04/2025
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through …
- Published
- 09/03/2025
- Modified
- 17/03/2025
NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by …
- Attack vector
- LOCAL
- Published
- 25/02/2025
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- LOCAL
- Published
- 09/01/2025
- Modified
- 21/12/2025
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- Attack vector
- Network
- Published
- 08/01/2025
- Modified
- 21/12/2025
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- Low
- Published
- 29/11/2024
- Modified
- 08/04/2026
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to …
- Attack vector
- Network
- Published
- 18/11/2024
- Modified
- 21/12/2025
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to …
- Attack vector
- Network
- Published
- 18/11/2024
- Modified
- 21/12/2025
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …
- Attack vector
- Local
- Published
- 23/10/2024
- Modified
- 09/01/2026
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …
- Attack vector
- LOCAL
- Complexity
- High
- Published
- 04/07/2024
- Modified
- 08/04/2026
Observables (23)
96.113.95.1054.96.66.5754.120.8.20754.120.8.21422.85.196.3430.153.178.49195.164.49.70167.172.67.75139.87.112.98139.87.112.169139.87.112.115130.212.99.156123.16.159.102139.87.113.26139.87.113.24138.197.82.147212.56.34.85193.53.40.18209.189.232.134162.241.149.10191.208.206.2036b7912e550c66688c65f8cf8651b638defc4dbeabae5f0f6a23fb20d98333f6b6a9a0a3f0763a359737da801a48c7a0a7a75d6fa810418216628891893773540