Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat, and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution and affect software used by millions of developers. The Tomcat vulnerability is exploited through partial PUT requests and session persistence features, while the Camel vulnerabilities involve header manipulation. Exploit attempts were observed from over 70 countries, with a surge in activity immediately after disclosure. The article provides detailed analysis of the vulnerabilities, including source code examination, exploitation methods, and telemetry data. It also outlines protection measures and mitigation strategies for affected systems.
OPENCTI LABELS :
exploit,remote code execution,vulnerability,apache,cve-2025-24813,tomcat,cve-2025-29891,cve-2025-27636