Blog

  • Apache Tomcat Remote Code Execution Vulnerability


    Apache Tomcat is a popular, open-source web server and servlet container maintained by the Apache Software Foundation. It provides a reliable and scalable environment for executing Java Servlets and serving web pages built using Java Server Pages (JSP). Frequently deployed in both development and production environments, Tomcat plays a crucial role in delivering dynamic Java-based web applications across various enterprise use cases.

    Recently, a critical security vulnerability identified as CVE-2025-24813 was discovered in Apache Tomcat. It stems from a flaw in the handling of partial file uploads and session file persistence, and can allow attackers to achieve remote code execution (RCE) under certain conditions. The issue arises from the way Tomcat’s default servlet handles write operations, combined with the deserialization logic applied to persisted session files.

    CVE-2025-24813

    Initially published in early March with a CVSS score of 5.5, the severity of CVE-2025-24813 was later reassessed and upgraded to 9.8 (High). Recognizing the potential impact of this flaw, the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalogue, underscoring the urgency for affected organizations to patch their systems.

    CVE-2025-24813 is a critical vulnerability in Apache Tomcat that can lead to remote code execution (RCE) when specific server configurations are in place. The issue arises from how Tomcat handles partial PUT requests in conjunction with file-based session persistence.

    This issue becomes exploitable when the default servlet is explicitly configured with the ‘readonly’ parameter set to false, a setting that enables write operations such as HTTP PUT. By default, Tomcat sets ‘readonly’ to true, which restricts write access and helps mitigate risk. This parameter is defined in the web.xml configuration file, typically located in the conf/ directory of the Tomcat installation.

    When partial PUT support is also enabled (enabled by default), an attacker can exploit this behaviour to upload a crafted serialized payload, targeting a session file. If Tomcat is configured to persist session data to disk, the uploaded file may later be automatically deserialized by the server, resulting in attacker-controlled code execution.

    The vulnerability affects the following versions of Apache Tomcat:

    • 11.0.0‑M1 through 11.0.2
    • 10.1.0‑M1 through 10.1.34
    • 9.0.0‑M1 through 9.0.98

    Exploitation Prerequisites for CVE-2025-24813

    To exploit CVE-2025-24813, several server-side conditions must be in place. These prerequisites enable an attacker to craft a malicious PUT request that results in the deserialization of attacker-controlled data, potentially leading to remote code execution (RCE).

    The following conditions must be met:

    • The default servlet’s readonly attribute is set to false, permitting write access via HTTP PUT requests
    • Partial PUT functionality is enabled — i.e., Tomcat accepts the Content-Range header (enabled by default)
    • The application is configured to use Tomcat’s file-based session persistence mechanism

    Exploitation Flow

    The exploitation of CVE-2025-24813 involves a sequence of carefully crafted steps that take advantage of Tomcat’s handling of partial file uploads and session deserialization. The following outlines a typical attack chain under vulnerable conditions:

    Environment Setup: The target server must have the ‘readonly’ parameter set to false for the default servlet, partial PUT support enabled, and file-based session persistence configured.

    Payload Generation: The attacker generates a malicious serialized object — typically using a tool like ysoserial — embedding a command that will execute upon deserialization.

    Payload Upload: The crafted payload is uploaded to the server via an HTTP PUT request with a Content-Range header. This simulates a partial upload and results in the creation of a session file on disk.

    Triggering Deserialization: A follow-up request is made to the application with the JSESSIONID set to the uploaded session file’s name. This causes Tomcat to deserialize the file, assuming it to be a legitimate session object.

    Code Execution: If a suitable deserialization gadget exists on the classpath, the payload is executed, leading to remote code execution under the privileges of the Tomcat process.

    Mitigation

    The recommended and most effective mitigation for CVE-2025-24813 is to upgrade Apache Tomcat to a version where the vulnerability has been addressed. This flaw is fully patched in the following Tomcat releases:

    These versions include enhancements to the handling of temporary files created via partial PUT requests, ensuring such files are not mistakenly deserialized as session objects — thereby preventing remote code execution.

    For environments where immediate upgrades are not possible, the following temporary mitigations can help reduce risk:

    • Keep the default servlet’s readonly parameter set to true, which prevents write operations via PUT requests. This is the default and recommended setting.
    • Disable support for partial PUT requests, especially if not used by the application. This can be achieved at the connector level or via upstream web server rules (e.g., Nginx or Apache HTTPD).
    • Avoid using file-based session persistence, particularly when writable paths overlap with session storage locations.
    • Review and sanitize the server classpath to remove unnecessary libraries such as commons-collections, which may introduce exploitable deserialization gadgets.

    Seqrite Endpoint Protection

    All Seqrite customers are protected from this vulnerability by the following signatures:

    • HTTP/CVE-2025-24813!VS.49414

    Authors:

    Vinay Kumar

    Vineet Sarote




  • Upgrading a 20 year old University Project to .NET 6 with dotnet-upgrade-assistant




    I wrote a Tiny Virtual Operating System for a 300-level OS class in C# for college back in 2001 (?) and later moved it to VB.NET in 2002. This is all pre-.NET Core, and on early .NET 1.1 or 2.0 on Windows. I moved it to GitHub 5 years ago and ported it to .NET Core 2.0 at the time. At this point it was 15 years old, so it was cool to see this project running on Windows, Linux, in Docker, and on a Raspberry Pi…a machine that didn’t exist when the project was originally written.

    NOTE: If the timeline is confusing, I had already been working in industry for years at this point but was still plugging away at my 4 year degree at night. It eventually took 11 years to complete my BS in Software Engineering.

    This evening, as the children slept, I wanted to see if I could run the .NET Upgrade Assistant on this now 20 year old app and get it running on .NET 6.

    Let’s start:

    $ upgrade-assistant upgrade .\TinyOS.sln
    -----------------------------------------------------------------------------------------------------------------
    Microsoft .NET Upgrade Assistant v0.3.256001+3c4e05c787f588e940fe73bfa78d7eedfe0190bd

    We are interested in your feedback! Please use the following link to open a survey: https://aka.ms/DotNetUASurvey
    -----------------------------------------------------------------------------------------------------------------

    [22:58:01 INF] Loaded 5 extensions
    [22:58:02 INF] Using MSBuild from C:\Program Files\dotnet\sdk\6.0.100\
    [22:58:02 INF] Using Visual Studio install from C:\Program Files\Microsoft Visual Studio\2022\Preview [v17]
    [22:58:06 INF] Initializing upgrade step Select an entrypoint
    [22:58:07 INF] Setting entrypoint to only project in solution: C:\Users\scott\TinyOS\src\TinyOSCore\TinyOSCore.csproj
    [22:58:07 INF] Recommending executable TFM net6.0 because the project builds to an executable
    [22:58:07 INF] Initializing upgrade step Select project to upgrade
    [22:58:07 INF] Recommending executable TFM net6.0 because the project builds to an executable
    [22:58:07 INF] Recommending executable TFM net6.0 because the project builds to an executable
    [22:58:07 INF] Initializing upgrade step Back up project

    See how the process is interactive at the command line, with color prompts and a series of dynamic multiple-choice questions?

    Updating .NET project with the upgrade assistant

    Interestingly, it builds on the first try, no errors.

    When I manually look at the .csproj I can see some weird version numbers, likely from some not-quite-baked version of .NET Core 2 I used many years ago. My spidey sense says this is wrong, and I’m assuming the upgrade assistant didn’t understand it.

    <!-- <PackageReference Include="ILLink.Tasks" Version="0.1.4-preview-906439" /> -->
    <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.0.0-preview2-final" />
    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.0.0-preview2-final" />
    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="2.0.0-preview2-final" />
    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="2.0.0-preview2-final" />

    I also note a commented-out reference to ILLink.Tasks which was a preview feature in Mono’s Linker to reduce the final size of apps and tree-trim them. Some of that functionality is built into .NET 6 now so I’ll use that during the build and packaging process later. The reference is not needed today.

    I’m gonna blindly upgrade them to .NET 6 and see what happens. I could do this by just changing the numbers and seeing if it restores and builds, but I can also try dotnet outdated which remains a lovely tool in the upgrader’s toolkit.


    This “outdated” tool is nice as it talks to NuGet and confirms that there are newer versions of certain packages.

    In my tests – which were just batch files at this early time – I was calling my dotnet app like this:

    dotnet netcoreapp2.0/TinyOSCore.dll 512 scott13.txt  

    This will change to the modern form with just TinyOSCore.exe 512 scott13.txt with an exe and args and no ceremony.

    Publishing and trimming my TinyOS turns into just a 15 meg EXE. Nice considering that the .NET I need is in there with no separate install. I could turn this little synthetic OS into a microservice if I wanted to be totally extra.

    dotnet publish -r win-x64 --self-contained -p:PublishSingleFile=true -p:SuppressTrimAnalysisWarnings=true

    If I add

    -p:EnableCompressionInSingleFile=true

    Then it’s even smaller. No code changes. Run all my tests, looks good. My project from university from .NET 1.1 is now .NET 6.0, cross platform, self-contained in 11 megs in a single EXE. Sweet.






    About Scott

    Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


  • Easter Sale! 🐣



    At Browserling and Online Tools, we love sales.

    We just created a new automated Easter Sale.

    Now each year, on Easter Day, we show a 50% discount offer to all users who visit our site.

    This year it runs today, next year on April 5, etc.

    Here’s how it looks.

    Buy a subscription now and see you next time!




  • Build a Python Site Connectivity Checker App with PyQt (Step-by-Step)


  • Top reasons to add a Swimming Pool to your home


    If you’ve been considering adding a swimming pool to your property, you’re not alone. Swimming pools have become a popular addition to many homes, with around 10.7 million pools already installed in the U.S., according to Ruby Home. Pools can serve as the centerpiece of relaxation, fitness, and entertainment in your backyard. Beyond aesthetics, adding a pool comes with a variety of benefits that might make it the perfect investment for your home.

    1. Increase Property Value

    One of the most compelling reasons to add a swimming pool is its impact on property value. A well-maintained inground pool can raise the value of a property by as much as 7%, according to Bankrate. This is a significant increase, especially for homeowners looking to make their home more attractive to potential buyers.

    In warmer climates, where the pool season is longer, a swimming pool can be seen as an essential amenity rather than a luxury. Homes with pools tend to stand out in competitive real estate markets, as they provide prospective buyers with an immediate sense of lifestyle and comfort. By adding a swimming pool, you not only improve your daily living experience but also potentially boost your property’s marketability and price.

    2. Health and Fitness Benefits

    A swimming pool is more than just a luxurious backyard feature—it’s a tool for health and wellness. Swimming is a low-impact, full-body workout that provides both cardiovascular and strength training benefits. It’s gentle on the joints, making it suitable for people of all ages, including those who may have joint pain or physical limitations.

    With a pool right outside your door, you’re more likely to incorporate exercise into your daily routine, whether it’s swimming laps, doing water aerobics, or simply taking a leisurely dip. Pools can be especially useful for families, as children are more likely to stay active if they have an accessible and fun way to do so at home.

    3. Enhance Your Lifestyle and Entertainment Options

    A swimming pool transforms your backyard into an outdoor oasis. Whether you’re hosting a family gathering, a summer BBQ, or simply having friends over, a pool serves as a centerpiece for entertainment. It adds an element of fun and relaxation, allowing guests to enjoy the warm weather and cool off in the water.

    Beyond parties, a pool provides a great setting for spending quality family time. It can be a place where kids learn to swim, families play games together, or where you unwind after a long day. The versatility of a swimming pool makes it an appealing addition for those who value creating memories at home.

    4. Environmental and Water Conservation Benefits

    The idea of owning a pool might make some potential owners concerned about water usage, but modern water purification methods have come a long way. According to Pool and Spa News, the pool water purification method saves as much as 80% more water compared to draining the pool when the water reaches its saturation point. This innovation ensures that pools are more sustainable, significantly reducing the environmental footprint of maintaining a backyard pool.

    Water conservation techniques, such as installing a pool cover, using efficient filtration systems, and keeping pool water properly balanced, also contribute to minimizing water waste. With these improvements, owning a swimming pool today is far less resource-intensive than it was in the past, making it a more eco-friendly option.

    5. Stress Relief and Relaxation

    The soothing qualities of water make a swimming pool an ideal place for relaxation. Many people find the act of floating in water, listening to the gentle sounds of splashing, or even just sitting by the pool to be calming and rejuvenating. The mental health benefits of spending time in or near water are well-documented, as it can help reduce stress, anxiety, and promote overall well-being.

    After a stressful day, there’s nothing quite like taking a relaxing dip or enjoying the peaceful environment that a pool offers. Having your own private retreat provides a daily escape from the hustle and bustle of life.

    If you’ve been on the fence about installing a pool, consider the value it can add to your lifestyle, health, and home. From raising property value to creating a perfect entertainment space, the advantages of adding a swimming pool are numerous and long-lasting.




  • Build a Python Network Speed Test App with PyQt (Step-by-Step)


  • A Nightscout Segment for OhMyPosh shows my realtime Blood Sugar readings in my Git Prompt




    I’ve talked about how I love a nice pretty prompt in my Windows Terminal and made videos showing in detail how to do it. I’ve also worked with my buddy TooTallNate to put my real-time blood sugar into a bash or PowerShell prompt, but this was back in 2017.

    Now that I’m “Team OhMyPosh” I have been meaning to write a Nightscout “segment” for my prompt. Nightscout is an open source self-hosted (there are commercial hosts also like T1Pal) website and API for remote display of real-time and near-real-time glucose readings for Diabetics like myself.

    Since my body has an active REST API where I can just do an HTTP GET (via curl or whatever) and see my blood sugar, it clearly belongs in a place of honor, just like my current Git Branch!

    My blood sugar in my Prompt!

    Oh My Posh supports configurable “segments” and now there’s a beta (still needs mmol and stale readings support) Nightscout segment that you can set up in just a few minutes!

    This prompt works in ANY shell on ANY os! You can do this in zsh, PowerShell, Bash, whatever makes you happy.

    Here is a YouTube of Jan from OhMyPosh and I coding the segment LIVE in Go.

    https://www.youtube.com/watch?v=_meKUIm9NwA

    If you have an existing OhMyPosh json config, you can just add another segment like this. Make sure your Nightscout URL includes a secure Token or is public (up to you). Note also that I set up “if/then” rules in my background_templates. These are optional and up to you to change to your taste. I set my background colors to red, yellow, green depending on sugar numbers. I also have a foreground template that is not really used, as you can see it always evaluates to black #000, but it shows you how you could set it to white text on a darker background if you wanted.

    {
      "type": "nightscout",
      "style": "diamond",
      "foreground": "#ffffff",
      "background": "#ff0000",
      "background_templates": [
        "{{ if gt .Sgv 150 }}#FFFF00{{ end }}",
        "{{ if lt .Sgv 60 }}#FF0000{{ end }}",
        "#00FF00"
      ],
      "foreground_templates": [
        "{{ if gt .Sgv 150 }}#000000{{ end }}",
        "{{ if lt .Sgv 60 }}#000000{{ end }}",
        "#000000"
      ],
      "leading_diamond": "",
      "trailing_diamond": "\uE0B0",
      "properties": {
        "url": "https://YOURNIGHTSCOUTAPP.herokuapp.com/api/v1/entries.json?count=1&token=APITOKENFROMYOURADMIN",
        "http_timeout": 1500,
        "template": " {{.Sgv}}{{.TrendIcon}}"
      }
    },

    By default we will only go out and hit your Nightscout instance every 5 min, only when the prompt is repainted, and we’ll only wait 1500ms before giving up. You can set that “http_timeout” (how long before we give up) if you feel this slows you down. It’ll be cached for 5 min so it’s unlikely to be something you’ll notice. The benefit of this new OhMyPosh segment over the previous solution is that it requires no additional services/cron jobs and can be set up extremely quickly. Note also that you can customize your template with NerdFonts. I’ve included a tiny syringe!

    What a lovely prompt with Blood Sugar!

    Next I’ll hope to improve the segment with mmol support as well as strikeout style for “stale” (over 15 min old) results. You’re also welcome to help out by watching our YouTube and submitting a PR!



  • Build a Python Secure File Eraser App with PyQt (Step-by-Step)


  • 6.40 Million Google Clicks! 🤑



    Yesterday Online PNG Tools smashed through 6.39M Google clicks and today it’s smashed through 6.40M Google clicks! That’s 10,000 new clicks in a single day – the smash train keeps on rollin’!

    What Are Online PNG Tools?

    Online PNG Tools offers a collection of easy-to-use web apps that help you work with PNG images right in your browser. It’s like a Swiss Army Knife for anything PNG-related. On this site, you can create transparent PNGs, edit icons, clean up logos, crop stamps, change colors of signatures, and customize stickers – there’s a tool for it all. The best part is that you don’t need to install anything or be a graphic designer. All tools are made for regular people who just want to get stuff done with their images. No sign-ups, no downloads – just quick and easy PNG editing tools.

    Who Created Online PNG Tools?

    Online PNG Tools were created by me and my team at Browserling. We’ve built simple, browser-based tools that anyone can use without needing to download or install anything. Along with PNG tools, we also work on cross-browser testing to help developers make sure their websites work great on all web browsers. Our mission is to make online tools that are fast, easy to use, and that are helpful for everyday tasks like editing icons, logos, and signatures.

    Who Uses Online PNG Tools?

    Online PNG Tools and Browserling are used by everyone – from casual users to professionals and even Fortune 100 companies. Casual users often use them to make memes, edit profile pictures, or remove backgrounds. Professionals use them to clean up logos, design icons, or prepare images for websites and apps.

    Smash too and see you tomorrow at 6.41M clicks! 📈

    PS. Use coupon code SMASHLING for a 30% discount on these tools at onlinePNGtools.com/pricing. 💸




  • Build a Python File Encryption Tool with PyQt (Step-by-Step)
