¡¾·ì϶¹«¸æ¡¿Apache Tomcat°²È«Ô¼ÊøÈƹý·ì϶ (CVE-2025-49125)

°ä²¼¹¦·ò 2025-06-17

Ò»¡¢¡¢·ì϶¸ÅÊö


·ì϶Ãû³Æ

Apache Tomcat°²È«Ô¼ÊøÈƹý·ì϶

CVE   ID

CVE-2025-49125

·ì϶ÀàÐÍ

½Ó¼û½ÚÖÆ·ì϶

·¢ÏÖ¹¦·ò

2025-06-17

·ì϶ÆÀ·Ö

ÔÝÎÞ

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Apache TomcatÊÇÒ»¸ö¿ªÔ´µÄJava ServletÈÝÆ÷ºÍWeb·þÎñÆ÷£¬£¬£¬ÖØÒªÓÃÓÚÔËÐÐJavaÀûÓ÷¨Ê½£¬£¬£¬³ö¸ñÊÇ»ùÓÚServletºÍ"text-wrap-mode: wrap;">? ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk