Apache Tomcat 路徑對等 RCE (CVE-2025-24813)

語言:

版本 1.8 Oct 1, 2025, 9:12 PM Logic Changes (Adding support for user-supplied header added to all HTTP requests.) Plugin Feed: 202510012112
版本 1.7 Sep 30, 2025, 12:41 AM Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.) Plugin Feed: 202509300041
版本 1.5 Jul 15, 2025, 2:39 AM Logic Changes Plugin Feed: 202507150239
版本 1.4 Jul 10, 2025, 5:41 PM Logic Changes (Windows CA support) Plugin Feed: 202507101741
版本 1.3 Apr 2, 2025, 6:50 PM Logic Changes (Improved plugin to prevent FPs when target server is configured to send HTTP 500s instead of HTTP 404s) Plugin Feed: 202504021850
版本 1.2 Apr 1, 2025, 9:29 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" set to "Exploits are available") Plugin Feed: 202504012129
版本 1.1 Mar 24, 2025, 6:40 PM New Plugin Feed: 202503241840

* Changelogs are generally available for changes made after Nov 1, 2022