{"id":69121,"date":"2025-03-18T01:56:35","date_gmt":"2025-03-18T01:56:35","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/"},"modified":"2025-03-18T01:57:32","modified_gmt":"2025-03-18T01:57:32","slug":"dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/","title":{"rendered":"&#8216;Dead simple&#8217; RCE exploit in Apache Tomcat under attack \u2022 The Register"},"content":{"rendered":"<p> <a href=\"https:\/\/go.fiverr.com\/visit\/?bta=1052423&nci=17043\" Target=\"_Top\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/fiverr.ck-cdn.com\/tn\/serve\/?cid=40081059\"  width=\"601\" height=\"201\"><\/a>\n<\/p>\n<div id=\"body\">\n<p>A trivial flaw in Apache Tomcat that enables distant code execution and entry to delicate information is alleged to be underneath assault within the wild inside per week of its disclosure.<\/p>\n<p>The vulnerability is <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-24813\">CVE-2025-24813<\/a>, and was revealed on March 10 together with updates to shut the outlet within the open supply net server software program. Based on API safety store Wallarm, an exploit for the bug was publicly distributed 30 hours later, and is \u201cnow actively exploited within the wild.\u201d<\/p>\n<p>Authentication just isn&#8217;t required to tug off an assault, and the top result&#8217;s the power to run arbitrary code on the focused Tomcat server by miscreants, permitting them to entry information amongst different nefarious issues.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n        <noscript><br \/>\n            <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"><br \/>\n                <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt=\"\"\/><br \/>\n            <\/a><br \/>\n        <\/noscript>\n    <\/div>\n<p>&#8220;We have already seen this in operation by Chinese language operators, and CISA [The US government&#8217;s Cybersecurity and Infrastructure Security Agency] received in contact tonight and are going so as to add the exploit to its warning listing,&#8221; Ivan Novikov, Wallarm&#8217;s CEO, instructed <i>The Register<\/i>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><br \/>\n                    <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                        <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                    <\/a><br \/>\n                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>Based on a Wallarm <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/lab.wallarm.com\/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild\/\">advisory<\/a> in regards to the flaw, the one requirement for profitable exploitation \u201cis that Tomcat is utilizing file-based session storage, which is widespread in lots of deployments.\u201d<\/p>\n<p>\u201cThe attacker begins by sending a PUT request to add a malicious session file to the server,\u201d Wallarm\u2019s advisory explains.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>&#8220;The payload is a base64-encoded <code>ysoserial<\/code> gadget chain, designed to set off distant code execution when deserialized. This request writes a file inside Tomcat\u2019s session storage listing. As a result of Tomcat robotically saves session information in information, the malicious payload is now saved on disk, ready to be deserialized.\u201d<\/p>\n<p>To deserialize the payload, attackers want solely ship a GET request with the JSESSIONID pointing to the malicious session. \u201cTomcat, seeing this session ID, retrieves the saved file, deserializes it, and executes the embedded Java code, granting full distant entry to the attacker,\u201d Wallarm\u2019s advisory states.<\/p>\n<p>The Apache Basis\u2019s <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq\">advisory<\/a> on the matter charges this an \u201cessential\u201d flaw. The inspiration doesn\u2019t assign CVSS scores \u2013 preferring to supply particulars that permit customers to make their very own choices about the way to act.<\/p>\n<p>The org factors out that profitable exploitation of the flaw to realize distant code execution requires 4 situations to be met, together with two default settings in Tomcat &#8211; writes enabled to the default servlet and assist for partial PUT uploads. The opposite two situations are an software configured to make use of Tomcat&#8217;s file primarily based session persistence with the default storage location and together with a library that could be leveraged in a deserialization assault.<\/p>\n<p>That is an honest set of hurdles although crims might discover the course worthwhile as Apache Tomcat is broadly used to deploy bespoke Java functions inside enterprises. Such apps retailer the sort of juicy information and code community intruders like to pillage. Working Tomcat in read-only mode for the default servlet has been <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/secbot.com\/docs\/templates\/tech\/apache\/tomcat\/tomcat-readonly-rce\">a good idea<\/a> since not less than 2017.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cso&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Z9jS0nBf6DiqvlhPhXZyQQAAAUg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>The flaw is current in Apache Tomcat variations 11.0.0-M1 by way of 11.0.2, from 10.1.0-M1 by way of 10.1.34, and from 9.0.0.M1 by way of 9.0.98.<\/p>\n<p>The flaw may also be used to view or tamper with delicate information. That state of affairs requires 5 situations to be met:<\/p>\n<ol>\n<li>Writes enabled for the default servlet (disabled by default)<\/li>\n<li>Help for partial PUT (enabled by default)<\/li>\n<li>A goal URL for safety delicate uploads that was a sub-directory of a goal URL for public uploads<\/li>\n<li>Attacker information of the names of safety delicate information being uploaded<\/li>\n<li>The safety delicate information additionally being uploaded by way of partial PUT<\/li>\n<\/ol>\n<p>We have requested Apache for more information and can replace this story if the org responds. \u00ae<\/p>\n<\/p><\/div>\n<iframe data-lazy=\"true\" data-src=\"https:\/\/www.fiverr.com\/gig_widgets?id=U2FsdGVkX18x7XQvttUTrv1oEqmGNGTgvvCUiUoJ\/AP4z\/UyMz8lXGOLpu15jIMxBbTR0gmD5uBoFvhC4KWeALQRp3h\/X\/AwcVD0K8Wj9H\/ZzYKzcCNHosB9oS4SCJJFWiN85P9ICAc4OgCoE\/wHKIY7CDkf2\/DQ1vqGvk4smVe5cRDEmrLPCWi4FC8p40VUhSmWQ5udCm0zoJtorgWv3vbDQw0kKYkwn39ozAnQXDe+YvWMxkLFWA+O3TFwkJvdkIK+\/AUSnRssPKt5WHY0FhNOxnSPcLslEL4G4\/RfP95ve99U+kRnDy3X+KtzdQLY+u935ghON\/o3UE4IMv9oN6JX9RnxzL\/LRcOgnHigxStSGPKsZYtnz8RWNVT\/rOLAibqiWJadC5MYHRbekF3eg6FOGrQGkXYbsn0+a5aovnlLCbLwIqY9fcS17UX8J235iQ6cdmHNbrPeS84CMm34RA==&affiliate_id=1052423&strip_google_tagmanager=true\" loading=\"lazy\" data-with-title=\"true\" class=\"fiverr_nga_frame\" frameborder=\"0\" height=\"350\" width=\"100%\" referrerpolicy=\"no-referrer-when-downgrade\" data-mode=\"random_gigs\" onload=\" var frame = this; var script = document.createElement('script'); script.addEventListener('load', function() { window.FW_SDK.register(frame); }); script.setAttribute('src', 'https:\/\/www.fiverr.com\/gig_widgets\/sdk'); document.body.appendChild(script); \" ><\/iframe>\n<br \/><a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/03\/18\/apache_tomcat_java_rce_flaw\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A trivial flaw in Apache Tomcat that enables distant code execution and entry to delicate information is alleged to be underneath assault within the wild&#8230;<\/p>\n","protected":false},"author":1,"featured_media":69122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-69121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-universe"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&#039;Dead simple&#039; RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog<\/title>\n<meta name=\"description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&#039;Dead simple&#039; RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog\" \/>\n<meta property=\"og:description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/\" \/>\n<meta property=\"og:site_name\" content=\"mailinvest.blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/freelanceracademic\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-18T01:56:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-18T01:57:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin@mailinvest.blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin@mailinvest.blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/\"},\"author\":{\"name\":\"admin@mailinvest.blog\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\"},\"headline\":\"&#8216;Dead simple&#8217; RCE exploit in Apache Tomcat under attack \u2022 The Register\",\"datePublished\":\"2025-03-18T01:56:35+00:00\",\"dateModified\":\"2025-03-18T01:57:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/\"},\"wordCount\":622,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/cat_shutterstock.jpg\",\"articleSection\":[\"Tech Universe\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/\",\"name\":\"'Dead simple' RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/cat_shutterstock.jpg\",\"datePublished\":\"2025-03-18T01:56:35+00:00\",\"dateModified\":\"2025-03-18T01:57:32+00:00\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/cat_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2025\\\/03\\\/cat_shutterstock.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2025\\\/03\\\/18\\\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mailinvest.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8216;Dead simple&#8217; RCE exploit in Apache Tomcat under attack \u2022 The Register\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"name\":\"mailinvest.blog\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mailinvest.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\",\"name\":\"mailinvest\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"width\":1000,\"height\":1000,\"caption\":\"mailinvest\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/freelanceracademic\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\",\"name\":\"admin@mailinvest.blog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"caption\":\"admin@mailinvest.blog\"},\"sameAs\":[\"https:\\\/\\\/mailinvest.blog\",\"admin@mailinvest.blog\"],\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/author\\\/adminmailinvest-blog\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"'Dead simple' RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/","og_locale":"en_US","og_type":"article","og_title":"'Dead simple' RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog","og_description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","og_url":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/","og_site_name":"mailinvest.blog","article_publisher":"https:\/\/www.facebook.com\/freelanceracademic\/","article_published_time":"2025-03-18T01:56:35+00:00","article_modified_time":"2025-03-18T01:57:32+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg","type":"image\/jpeg"}],"author":"admin@mailinvest.blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin@mailinvest.blog","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#article","isPartOf":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/"},"author":{"name":"admin@mailinvest.blog","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4"},"headline":"&#8216;Dead simple&#8217; RCE exploit in Apache Tomcat under attack \u2022 The Register","datePublished":"2025-03-18T01:56:35+00:00","dateModified":"2025-03-18T01:57:32+00:00","mainEntityOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/"},"wordCount":622,"commentCount":0,"publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg","articleSection":["Tech Universe"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/","url":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/","name":"'Dead simple' RCE exploit in Apache Tomcat under attack \u2022 The Register - mailinvest.blog","isPartOf":{"@id":"https:\/\/mailinvest.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#primaryimage"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg","datePublished":"2025-03-18T01:56:35+00:00","dateModified":"2025-03-18T01:57:32+00:00","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","breadcrumb":{"@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#primaryimage","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2025\/03\/cat_shutterstock.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/mailinvest.blog\/index.php\/2025\/03\/18\/dead-simple-rce-exploit-in-apache-tomcat-under-attack-the-register\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mailinvest.blog\/"},{"@type":"ListItem","position":2,"name":"&#8216;Dead simple&#8217; RCE exploit in Apache Tomcat under attack \u2022 The Register"}]},{"@type":"WebSite","@id":"https:\/\/mailinvest.blog\/#website","url":"https:\/\/mailinvest.blog\/","name":"mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailinvest.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailinvest.blog\/#organization","name":"mailinvest","url":"https:\/\/mailinvest.blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","width":1000,"height":1000,"caption":"mailinvest"},"image":{"@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/freelanceracademic\/"]},{"@type":"Person","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4","name":"admin@mailinvest.blog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","caption":"admin@mailinvest.blog"},"sameAs":["https:\/\/mailinvest.blog","admin@mailinvest.blog"],"url":"https:\/\/mailinvest.blog\/index.php\/author\/adminmailinvest-blog\/"}]}},"_links":{"self":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/69121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/comments?post=69121"}],"version-history":[{"count":1,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/69121\/revisions"}],"predecessor-version":[{"id":69123,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/69121\/revisions\/69123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media\/69122"}],"wp:attachment":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media?parent=69121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/categories?post=69121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/tags?post=69121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}