Summary

  • On 14 March 2025, Unit 42 reported a vulnerability in Apache Tomcat (CVE-2025-24813), and on 23 March 2025, Apache disclosed two related vulnerabilities in Apache Camel that allow remote code execution.
  • Palo Alto Networks has seen scan, probe and exploit attempts since the vulnerabilities were disclosed.
  • This article analyzes the vulnerabilities in technical detail, includes relevant source code where appropriate, and offers insights into the Tactics, Techniques and Procedures (TTPs) of the attackers that Palo Alto Networks has observed.
  • Finally, this article offers advice on how to mitigate these vulnerabilities.

By Jun Li, Qiang Liu, Yiheng An and Haizhou Wang