Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
buherator (buherator@infosec.place)'s status on Thursday, 20-Mar-2025 00:05:22 JST buherator
in reply to
- Caitlin Condon
@catc0n If by single source you mean Wallarm, that one is factually incorrect at multiple points so IMO it's best to dismiss as FUD:

https://infosec.place/notice/As2Q4VaBioZNySoR6m
In conversation about 2 months ago from infosec.place permalink
Attachments
1. Domain not in remote thumbnail source whitelist: media.infosec.place
  
  buherator (@buherator@infosec.place)
  
  This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?): https://web.archive.org/web/20250314071219/https://lab.wallarm...
- Embed this notice
  Caitlin Condon (catc0n@infosec.exchange)'s status on Thursday, 20-Mar-2025 00:05:23 JST Caitlin Condon
  
  Has anyone actually confirmed real-world compromises from the supposed Apache Tomcat exploitation (CVE-2025-24813) going on? Breathless headlines seem to be quoting a single vague source, and this bug isn't exploitable in anywhere close to a default config https://attackerkb.com/assessments/1a24556d-24fb-4017-be67-e4ab39c76566
  In conversation about 2 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: attackerkb.com
    
    CVE-2025-24813 | AttackerKB
    
    Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files vi…
  Kevin Beaumont repeated this.

Public

Conversation

Notices

Feeds