Apache Under the Lens: Tomcats Partial PUT and Camels Header Hijack

(520) 462-0516

Apache Under the Lens: Tomcats Partial PUT and Camels Header Hijack

In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution, affecting millions of developers. The Tomcat vulnerability exploits partial PUT requests and session persistence features, while the Camel vulnerabilities involve header manipulation. Exploit attempts were observed from over 70 countries, with a surge in activity immediately after disclosure. The article provides detailed analysis of the vulnerabilities, including source code examination, exploitation methods, and telemetry data. It also outlines protection measures and mitigation strategies for affected systems. Author: AlienVault

Related Tags:
cve-2025-29891

tomcat

cve-2025-24813

remote code execution

apache

T1595

T1562.001

vulnerability

T1213

Associated Indicators:
167.172.67.75

6B7912E550C66688C65F8CF8651B638DEFC4DBEABAE5F0F6A23FB20D98333F6B

6A9A0A3F0763A359737DA801A48C7A0A7A75D6FA810418216628891893773540

195.164.49.70

130.212.99.156

30.153.178.49

123.16.159.102

139.87.112.98

54.96.66.57

Threat Intel Solutions

Apache Under the Lens: Tomcats Partial PUT and Camels Header Hijack

Search

Popular Posts

Dangerous runC flaws could allow hackers to escape Docker containers

Lost iPhone? Don’t fall for phishing texts saying it was found

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features

Categories

Pages

Archives

Tags

Follow Us