{"id":146839,"date":"2025-07-03T07:04:02","date_gmt":"2025-07-03T14:04:02","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=146839"},"modified":"2025-07-16T06:51:40","modified_gmt":"2025-07-16T13:51:40","slug":"apache-cve-2025-24813-cve-2025-27636-cve-2025-29891","status":"publish","type":"post","link":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/","title":{"rendered":"A Thorough Examination of Apache: Tomcat Partial PUT and Header Hijacking via Camel"},"content":{"rendered":"<h2><a id=\"post-146839-_4lt92rr5muov\"><\/a>Executive Summary<\/h2>\n
<p>In March 2025, Apache disclosed <a href=\"https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq\" target=\"_blank\" rel=\"noopener\">CVE-2025-24813<\/a>, a vulnerability affecting Apache Tomcat. Tomcat is a widely used platform that lets Apache web servers run Java-based web applications. The flaw affects Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0.M1 to 10.1.34 and 11.0.0.M1 to 11.0.2, and could allow remote code execution.<\/p>\n
<p>That same month, Apache disclosed two further vulnerabilities in Apache Camel, a message-routing middleware framework. These vulnerabilities, <a href=\"https:\/\/camel.apache.org\/security\/CVE-2025-27636.html\" target=\"_blank\" rel=\"noopener\">CVE-2025-27636<\/a> and <a href=\"https:\/\/camel.apache.org\/security\/CVE-2025-29891.html\" target=\"_blank\" rel=\"noopener\">CVE-2025-29891<\/a>, affect Apache Camel versions 4.10.0 to 4.10.1, 4.8.0 to 4.8.4 and 3.10.0 to 3.22.3, and likewise allow an attacker to execute code remotely.<\/p>\n
<p>Because millions of developers rely on platforms provided by the Apache Foundation, these vulnerabilities are significant. Successful exploitation lets an attacker execute arbitrary code with Tomcat\/Camel privileges.<\/p>\n
<p>Apache released patches, and researchers quickly published proof-of-concept (PoC) exploits; scans and probes for vulnerable servers began appearing immediately after the disclosure. We have also confirmed that these three vulnerabilities can lead to remote code execution.<\/p>\n
<p>Palo Alto Networks blocked 125,856 probes\/scans\/exploit attempts related to these vulnerabilities in March 2025. We recommend applying the patches promptly.<\/p>\n
<p>Palo Alto Networks customers are better protected through the following products and services.<\/p>\n
<ul>\n<li><a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" rel=\"noopener\">Next-Generation Firewall<\/a> with the <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention<\/a> subscription helps identify and block the related traffic.<\/li>\n
<li><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\" target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xsiam\" target=\"_blank\" rel=\"noopener\">Cortex XSIAM<\/a> can identify externally facing Apache Tomcat servers using the \"Tomcat Web Server\" attack surface rule.<\/li>\n<\/ul>\n
<p>If you may have suffered a breach or have an urgent matter, contact the <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\">Unit 42 Incident Response team<\/a>.<\/p>\n
<table>\n<thead>\n<tr>\n<td style=\"width: 35%;\"><b>Related Unit 42 Topics<\/b><\/td>\n<td style=\"width: 100%;\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/category\/vulnerabilities-ja\/\" target=\"_blank\" rel=\"noopener\"><b>Vulnerabilities<\/b><\/a>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/tag\/cve-2025-24813-ja\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-24813<\/a><\/strong>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/tag\/cve-2025-27636-ja\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-27636<\/a><\/strong>, <strong><a href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/tag\/cve-2025-29891-ja\/\" target=\"_blank\" rel=\"noopener\">CVE-2025-29891<\/a><\/strong><\/td>\n<\/tr>\n<\/thead>\n<\/table>\n
<h2><a id=\"post-146839-_wven14kmgum2\"><\/a>CVE-2025-24813: Apache Tomcat<\/h2>\n
<h3><a id=\"post-146839-_4dx5o63i9pui\"><\/a>Vulnerability Overview<\/h3>\n
<p>CVE-2025-24813 is a vulnerability in <a href=\"https:\/\/lists.apache.org\/thread\/j5fkjv2k477os90nczf2v9l61fb0kkgq\" target=\"_blank\" rel=\"noopener\">Apache Tomcat's partial PUT feature<\/a> that can let an attacker overwrite serialized session files on disk and execute arbitrary code.<\/p>\n
<p>The vulnerability arises when Tomcat is configured to persist HTTP session data, because unpatched Tomcat systems improperly handle partial PUT requests that contain a <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header.<\/p>\n
<h4><a id=\"post-146839-_miteeziujn0l\"><\/a>Partial PUT<\/h4>\n
<p>The term <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc9110.html#name-partial-put\" target=\"_blank\" rel=\"noopener\">partial PUT<\/a> refers to an HTTP PUT request that updates only part of a resource instead of replacing it completely. Where supported, a partial PUT typically uses the <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header of the HTTP request to specify which part of the resource should be modified.<\/p>\n
<p>This lets developers upload or overwrite segments of a resource in chunks. However, when partial PUT is not handled properly, it can be abused to perform incremental file uploads, overwrite specific parts of a file, or bypass certain security checks.<\/p>\n
<h4><a id=\"post-146839-_fkpyp9ynz14d\"><\/a>Apache Tomcat's Session Persistence Feature<\/h4>\n
<p>Apache Tomcat's HTTP session manager includes a session persistence feature. It saves session data to a file or database when the server shuts down and reloads that cached data when the server restarts. Session data includes information such as a user's login status and preferences, and this feature helps retain users' session data across server restarts.<\/p>\n
<p>Tomcat encodes this saved session data as a byte stream using a process called <a href=\"https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/serialization\/index.html\" target=\"_blank\" rel=\"noopener\">serialization<\/a>, and stores the serialized data on the local file system. It serializes all session attributes stored in the <span style=\"font-family: 'courier new', courier, monospace;\">HttpSession<\/span> object. This includes data that the web application explicitly placed in the session using <span style=\"font-family: 'courier new', courier, monospace;\">session.setAttribute()<\/span>. This information is normally stored somewhere under <span style=\"font-family: 'courier new', courier, monospace;\">$TOMCAT_HOME\/webapps\/ROOT\/<\/span>.<\/p>\n
<p>However, the serialized session data is stored in the same directory that Tomcat's <span style=\"font-family: 'courier new', courier, monospace;\">executePartialPut<\/span> function uses. A user can craft HTTP requests to control the session ID and the file name of the cached data in this directory. In other words, an attacker can deliberately set the session ID so that it matches the cache file name of malicious code previously saved to the cache. As a result, the cached file is deserialized, which allows the embedded malicious code to be triggered.<\/p>\n
<h4><a id=\"post-146839-_b87ill5gvj5e\"><\/a>Prerequisites<\/h4>\n
<p>The <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header is commonly used for partial updates. It indicates that the request body contains part of a resource rather than the whole resource. When an HTTP PUT request contains a <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header, Tomcat saves the content (body) of the PUT request to a cache location. The following code snippet shows Tomcat saving the data from an HTTP PUT request that contains content.<\/p>\n
<pre class=\"lang:default decode:true\">if (range != null) {\r\n    File contentFile = executePartialPut(req, range, path);<\/pre>\n
<p>Exploiting this vulnerability requires the following two preconditions in the vulnerable Tomcat configuration.<\/p>\n
<ol>\n<li>The readonly parameter in the Tomcat configuration file at <span style=\"font-family: 'courier new', courier, monospace;\">TOMCAT_HOME\/conf\/web.xml<\/span> is disabled. The section of <span style=\"font-family: 'courier new', courier, monospace;\">web.xml<\/span> with the readonly parameter disabled follows.<\/li>\n<\/ol>\n
<pre class=\"lang:default decode:true\">&lt;init-param&gt;\r\n    &lt;param-name&gt;readonly&lt;\/param-name&gt;\r\n    &lt;param-value&gt;false&lt;\/param-value&gt;\r\n&lt;\/init-param&gt;<\/pre>\n
<ol start=\"2\">\n<li>Session persistence is enabled in the Tomcat configuration file at <span style=\"font-family: 'courier new', courier, monospace;\">$TOMCAT_HOME\/conf\/content.xml<\/span>. The section of <span style=\"font-family: 'courier new', courier, monospace;\">content.xml<\/span> that demonstrates enabled session persistence follows.<\/li>\n<\/ol>\n
<pre class=\"lang:default decode:true\">&lt;Manager className=\"org.apache.catalina.session.PersistentManager\"&gt;\r\n    &lt;Store className=\"org.apache.catalina.session.FileStore\" \/&gt;\r\n&lt;\/Manager&gt;<\/pre>\n
<h3><a id=\"post-146839-_69923fb7ckyn\"><\/a>Exploiting the Vulnerability<\/h3>\n
<p>We <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2025-03-14-Testing-CVE-2025-24813.md\" target=\"_blank\" rel=\"noopener\">tested exploitation of CVE-2025-24813<\/a> in March 2025. Exploiting this vulnerability takes two steps.<\/p>\n
<ul>\n<li>First, the payload is staged as a file through an HTTP PUT request that specifies a content range and a self-defined file name in the URL. This file contains serialized malicious code for later deserialization.<\/li>\n
<li>Next, the exploit is triggered by sending a follow-up HTTP GET request containing a cookie made up of <span style=\"font-family: 'courier new', courier, monospace;\">JSESSIONID=<\/span> followed immediately by the self-defined file name prefixed with a period. In this case the cookie line reads <span style=\"font-family: 'courier new', courier, monospace;\">Cookie: JSESSIONID=.<em>[filename]<\/em><\/span>, as Figure 1 below shows, which causes the cached file to be deserialized and the malicious code to run.<\/li>\n<\/ul>\n
<figure id=\"attachment_147196\" aria-describedby=\"caption-attachment-147196\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147196 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure1-1-786x425.png\" 
alt=\"Flowchart showing a two-step cyberattack process. In step 1, an HTTP request labeled 'PUT \/filename.session' with 'Content-Range: bytes 0-5\/100' is sent to the server. In step 2, the attacker sends the server an HTTP request labeled 'GET \/' with 'Cookie:JSESSIONID=_filename'. Arrows show the direction of communication between the stages and the server.\" width=\"800\" height=\"433\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure1-1-786x425.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure1-1-768x416.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure1-1.png 1264w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-147196\" class=\"wp-caption-text\">Figure 1. The two steps of the exploit.<\/figcaption><\/figure>\n
<h4><a id=\"post-146839-_6kdkniqj7voc\"><\/a>Step 1: Staging the Serialized Malicious Code<\/h4>\n
<p>The first step is to send a file of serialized malicious code as the body of an HTTP PUT request. As the PUT header line in Figure 2 shows, the file name in the URI ends with <span style=\"font-family: 'courier new', courier, monospace;\">.session<\/span>, so Apache Tomcat caches the malicious code as a session file on the local file system.<\/p>\n
<p>Figure 2 shows the PUT request from the first step, with <span style=\"font-family: 'courier new', courier, monospace;\">gopan.session<\/span> as the file name. The format of the HTTP PUT request from this traffic is as follows.<\/p>\n
<p><span style=\"font-family: 'courier new', courier, monospace;\">PUT \/<em>[filename]<\/em>.session HTTP\/1.1<\/span><\/p>\n
<figure id=\"attachment_146851\" aria-describedby=\"caption-attachment-146851\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146851 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-291598-146839-2.png\" alt=\"Screenshot of an HTTP PUT request showing part of the headers and the file content. The headers include information about the host, connection type and content length. The highlighted portion shows the file name 'gopan.session' being sent as the content body of the request.\" width=\"800\" height=\"432\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-291598-146839-2.png 1116w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-291598-146839-2-786x424.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-291598-146839-2-768x414.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146851\" class=\"wp-caption-text\">Figure 2. The payload from step 1.<\/figcaption><\/figure>\n
<h4><a id=\"post-146839-_vzia2uleku9x\"><\/a>Step 2: Triggering the Exploit<\/h4>\n
<p>Step 2 is to send a follow-up HTTP GET request that triggers the exploit and runs the malicious code. Figure 3 shows an HTTP GET request carrying the <span style=\"font-family: 'courier new', courier, monospace;\">JSESSIONID<\/span> cookie value used in the previous step. The format of this cookie is as follows.<\/p>\n
<p><span style=\"font-family: 'courier new', courier, monospace;\">Cookie: JSESSIONID=.<em>[filename]<\/em><\/span><\/p>\n
<figure id=\"attachment_146862\" aria-describedby=\"caption-attachment-146862\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146862 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-294381-146839-3.png\" alt=\"Screenshot of a computer terminal displaying an HTTP request and response. The response shows an HTTP 500 error, and part of the cookie data references the file names 'gopan' and 'gopan-family'.\" width=\"700\" height=\"378\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-294381-146839-3.png 1114w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-294381-146839-3-786x425.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-294381-146839-3-768x415.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-146862\" class=\"wp-caption-text\">Figure 3. Exploiting the vulnerability to run the payload sent in step 1.<\/figcaption><\/figure>\n
<p>The cookie value for this exploit uses a period (.) before the file name value in <span style=\"font-family: 'courier new', courier, monospace;\">JSESSIONID<\/span>; because of this leading period, Tomcat saves the session file with a leading dot.<\/p>\n
<h4><a id=\"post-146839-_2dgleinvkp3y\"><\/a>Source Code Analysis<\/h4>\n
<h5><a id=\"post-146839-_6o8u1l9d0nsa\"><\/a>How Tomcat Caches the PUT Body to a File<\/h5>\n
<p>As Figure 4 shows, Tomcat first checks whether the <span style=\"font-family: 'courier new', courier, monospace;\">readonly<\/span> flag is enabled in the configuration file. If it is enabled, Tomcat does not write any code to the cache, malicious code included.<\/p>\n
<figure id=\"attachment_147207\" aria-describedby=\"caption-attachment-147207\" style=\"width: 900px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147207 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure3-4-471x440.png\" alt=\"Flowchart detailing the interactions between HttpServlet operations. 'doPut' starts by handling the request and response, then checks executability and range before deciding whether to run 'executePartialPut' or 'write req, save file'. In another branch, 'replacePartialPut' handles the string request and creates a temporary file. It then validates the file object and writes the session to the file object.\" width=\"900\" height=\"841\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure3-4-471x440.png 471w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure3-4-749x700.png 749w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure3-4-768x718.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure3-4.png 1102w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><figcaption id=\"caption-attachment-147207\" class=\"wp-caption-text\">Figure 4. Step 1: Writing the file from the PUT.<\/figcaption><\/figure>\n
<ul>\n<li>If the <span style=\"font-family: 'courier new', courier, monospace;\">readonly<\/span> flag is not enabled, Tomcat also checks the <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> field in the HTTP headers.<\/li>\n
<li>If the request has no <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header, Tomcat ends processing.<\/li>\n
<li>If the request has a <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header, Tomcat saves the session data from the HTTP PUT request (<span style=\"font-family: 'courier new', courier, monospace;\">gopan.session<\/span> in this case) in two locations, as shown in Figure 5.\n
<ul>\n<li>The first file is saved under <span style=\"font-family: 'courier new', courier, monospace;\">$TOMCAT_HOME\/webapps\/ROOT\/<\/span> as a normal cache file without the leading period.<\/li>\n
<li>The second is saved under the work directory <span style=\"font-family: 'courier new', courier, monospace;\">$TOMCAT_HOME\/work\/Catalina\/localhost\/ROOT\/<\/span> as a temporary file with a leading period.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
<figure id=\"attachment_146884\" aria-describedby=\"caption-attachment-146884\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146884 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5.png\" alt=\"Screenshot of a directory structure in an IDE highlighting an Apache Tomcat installation with files under the work directory. The root directory of the Tomcat installation. The session file without a leading period in its name is saved as a normal file under the current cache directory. The session file whose name begins with a period is saved as a temporary file under the work directory.\" width=\"800\" height=\"964\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5.png 1699w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5-365x440.png 365w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5-581x700.png 581w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5-768x926.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-300473-146839-5-1274x1536.png 1274w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146884\" class=\"wp-caption-text\">\u56f35.\u30ad\u30e3\u30c3\u30b7\u30e5\u3055\u308c\u305f\u30bb\u30c3\u30b7\u30e7\u30f3 
\u30d5\u30a1\u30a4\u30eb\u3002<\/figcaption><\/figure>\n<p>\u91cd\u8981\u306a\u70b9\u306f\u3001Tomcat\u304c\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u5fa9\u5143\u3059\u308b\u3068\u304d\u306b\u3001\u540c\u3058\u4f5c\u696d\u30d5\u30a9\u30eb\u30c0\u304b\u3089\u30ad\u30e3\u30c3\u30b7\u30e5\u3055\u308c\u305f\u30bb\u30c3\u30b7\u30e7\u30f3 \u30d5\u30a1\u30a4\u30eb\u3082\u30ed\u30fc\u30c9\u3059\u308b\u3053\u3068\u3067\u3059\u3002<\/p>\n<p>\u56f36\u3068\u56f37\u306f\u3001<span style=\"font-family: 'courier new', courier, monospace;\">Tomcat\u304cjava\/org\/apache\/catalina\/servlets\/DefaultServlet.java<\/span>\u3067\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u5fa9\u5143\u3059\u308b\u3068\u304d\u306b\u3001\u30ad\u30e3\u30c3\u30b7\u30e5\u3055\u308c\u305f\u30bb\u30c3\u30b7\u30e7\u30f3 \u30d5\u30a1\u30a4\u30eb\u3092\u30ed\u30fc\u30c9\u3059\u308b\u305f\u3081\u306b\u4f7f\u7528\u3059\u308b\u30c7\u30d5\u30a9\u30eb\u30c8\u306eJava\u30b5\u30fc\u30d6\u30ec\u30c3\u30c8\u306e\u30b3\u30fc\u30c9 \u30bb\u30b0\u30e1\u30f3\u30c8\u3092\u793a\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u9ec4\u8272\u306e\u30b3\u30e1\u30f3\u30c8\u306f\u3001\u30b3\u30fc\u30c9\u306b\u3088\u3063\u3066\u5b9f\u884c\u3055\u308c\u305f\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u8868\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<figure id=\"attachment_146895\" aria-describedby=\"caption-attachment-146895\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146895 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-305578-146839-6.png\" alt=\"HTTP\u30b5\u30fc\u30d0\u30fc\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u3068\u30ec\u30b9\u30dd\u30f3\u30b9\u306e\u51e6\u7406\u306b\u95a2\u9023\u3059\u308b\u30b3\u30fc\u30c9\u3092\u8868\u793a\u3059\u308bJava\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3002\" width=\"800\" height=\"947\" 
srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-305578-146839-6.png 1248w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-305578-146839-6-372x440.png 372w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-305578-146839-6-591x700.png 591w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-305578-146839-6-768x910.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146895\" class=\"wp-caption-text\">Figure 6. The first code segment of Apache's default Java servlet used in Tomcat.<\/figcaption><\/figure>\n<figure id=\"attachment_146906\" aria-describedby=\"caption-attachment-146906\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146906 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7.png\" alt=\"Screenshot showing part of programming code displayed in a text editor with syntax highlighting.\" width=\"800\" height=\"1201\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7.png 1248w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7-293x440.png 293w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7-466x700.png 466w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7-768x1153.png 768w, 
https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-308454-146839-7-1023x1536.png 1023w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146906\" class=\"wp-caption-text\">Figure 7. The second code segment of Apache's default Java servlet used in Tomcat.<\/figcaption><\/figure>\n<h5><a id=\"post-146839-_pghu5dodv0mv\"><\/a>How an HTTP Request Triggers the Vulnerability<\/h5>\n<p>When Tomcat receives an HTTP request that carries a session ID, and session persistence is enabled in the configuration, it tries to find <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2025-03-14-Testing-CVE-2025-24813.md\" target=\"_blank\" rel=\"noopener\">that session<\/a> <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2025-03-14-Testing-CVE-2025-24813.md\" target=\"_blank\" rel=\"noopener\">in memory<\/a>. If Tomcat cannot find the session in memory, it restores the session from the saved cache file. At this point, Tomcat deserializes the session file, as shown in Figure 8.<\/p>\n<figure 
id=\"attachment_147159\" aria-describedby=\"caption-attachment-147159\" style=\"width: 900px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147159 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure2-568x440.png\" alt=\"Flowchart representing the session management process. It includes functions such as findSession, swapIn, loadSessionFromStore and load, along with details of steps such as checking whether the session is in memory, loading from the store and deserializing the content.\" width=\"900\" height=\"697\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure2-568x440.png 568w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure2-903x700.png 903w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure2-768x595.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP_TomCat_Figure2.png 1471w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><figcaption id=\"caption-attachment-147159\" 
class=\"wp-caption-text\">Figure 8. Step 2: From session ID to deserialization.<\/figcaption><\/figure>\n<p>Figure 8 shows Tomcat's session management flow. The code that finds a session, loads it from disk and deserializes its contents is implemented in the following files:<\/p>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">java\/org\/apache\/catalina\/session\/PersistentManagerBase.java<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">java\/org\/apache\/catalina\/Store.java<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">java\/org\/apache\/catalina\/session\/FileStore.java<\/span><\/li>\n<\/ul>\n<p>Figure 9 shows a code segment from <span style=\"font-family: 'courier new', courier, monospace;\">java\/org\/apache\/catalina\/session\/PersistentManagerBase.java<\/span> that instructs Tomcat to look for the session data file when the session data is not in memory.<\/p>\n<figure id=\"attachment_146928\" aria-describedby=\"caption-attachment-146928\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146928 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-316473-146839-9.png\" 
alt=\"Screenshot of computer code in Java. The code contains a method called findSession, with comments explaining part of the code logic for checking whether a session is available in memory and, if it is not found, retrieving the session from a file.\" width=\"1000\" height=\"405\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-316473-146839-9.png 1248w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-316473-146839-9-786x319.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-316473-146839-9-768x311.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-146928\" class=\"wp-caption-text\">Figure 9. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">PersistentManagerBase.java<\/span> that looks for the session data as a file when it is not in memory.<\/figcaption><\/figure>\n<p>Figures 10 and 11 show code segments from the same <span style=\"font-family: 'courier new', courier, monospace;\">PersistentManagerBase.java<\/span> file 
that show how session data is loaded from the saved cache file.<\/p>\n<figure id=\"attachment_146939\" aria-describedby=\"caption-attachment-146939\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146939 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-318890-146839-10.png\" alt=\"Screenshot of computer code featuring session management and exception handling syntax.\" width=\"1000\" height=\"550\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-318890-146839-10.png 1248w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-318890-146839-10-786x432.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-318890-146839-10-768x422.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-146939\" class=\"wp-caption-text\">Figure 10. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">PersistentManagerBase.java<\/span> that loads a session from a file (1\/2).<\/figcaption><\/figure>\n<figure id=\"attachment_146950\" aria-describedby=\"caption-attachment-146950\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146950 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-321344-146839-11.png\" 
alt=\"Screenshot of a code snippet showing a method named 'loadSessionFromStore'. The code includes exception handling and logging of error messages.\" width=\"1000\" height=\"405\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-321344-146839-11.png 1248w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-321344-146839-11-786x319.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-321344-146839-11-768x311.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-146950\" class=\"wp-caption-text\">Figure 11. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">PersistentManagerBase.java<\/span> that loads a session from a file (2\/2).<\/figcaption><\/figure>\n<p>As Figure 11 shows, <span style=\"font-family: 'courier new', courier, monospace;\">store.load(id)<\/span> triggers deserialization, which invokes the malicious code that the attacker previously embedded in the file. The result is arbitrary code execution.<\/p>\n<p>Reviewing this source code shows first how Tomcat saves session data from an HTTP 
PUT request. The review also provides insight into how an exploit for the CVE-2025-24813 vulnerability is triggered by a single follow-up HTTP GET request.<\/p>\n<p>However, Tomcat is not the only Apache software seeing exploitation attempts. Exploitation attempts against two vulnerabilities in Apache Camel have also been noted.<\/p>\n<h2><a id=\"post-146839-_elz9rmte73xx\"><\/a>CVE-2025-27636 and CVE-2025-29891: Apache Camel<\/h2>\n<h3><a id=\"post-146839-_ona7ai2a841r\"><\/a>Overview of Apache Camel<\/h3>\n<p>Apache 
Camel is an open-source integration framework that lets developers connect different systems in a reliable and scalable way. With Camel, developers can define routing and mediation rules in a variety of domain-specific languages and integrate diverse systems and applications. Apache Camel supports a wide range of protocols and technologies.<\/p>\n<p>Most Camel message handlers are provided as Java packages, and developers can choose which packages to include in their products.<\/p>\n<h3><a id=\"post-146839-_991kujv19lpv\"><\/a>Exploit Details<\/h3>\n<p>Whether encrypted or not, HTTP is a common way to transmit data over the internet. Camel uses various HTTP components such as <a href=\"https:\/\/camel.apache.org\/components\/4.10.x\/jetty-component.html\" target=\"_blank\" rel=\"noopener\">Jetty<\/a> and <a 
href=\"https:\/\/camel.apache.org\/components\/4.10.x\/netty-component.html\" target=\"_blank\" rel=\"noopener\">Netty<\/a>, but it ultimately routes the parsed HTTP message to a core component called <a href=\"https:\/\/camel.apache.org\/camel-core\/\" target=\"_blank\" rel=\"noopener\">camel-core<\/a> for further processing.<\/p>\n<p>To make data exchange between Camel and HTTP components such as Jetty and Netty easier, the developers devised a method that uses key-value pairs to store important context information such as the HTTP response code. Because HTTP headers are used in processing, Camel also stores HTTP headers in the same key-value pairs. To avoid conflicts between internal context information and external data, Camel's developers added a Camel prefix to all internal context 
keys and implemented a filter that prevents external headers from causing problems (Figure 12).<\/p>\n<figure id=\"attachment_147173\" aria-describedby=\"caption-attachment-147173\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147173 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP-Figure1.1-786x398.png\" alt=\"Diagram showing two sections labeled HTTP headers and Camel headers, each containing examples of specific header names such as User-Agent, Host, Accept, CamelExecCommandExecutable and CamelHttpResponseCode.\" width=\"1000\" height=\"507\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP-Figure1.1-786x398.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP-Figure1.1-1382x700.png 1382w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP-Figure1.1-768x389.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/JP-Figure1.1.png 1421w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-147173\" class=\"wp-caption-text\">Figure 12. Comparison of normal HTTP headers and Apache Camel 
HTTP headers.<\/figcaption><\/figure>\n<p>However, because the filter is case-sensitive, an attacker may be able to bypass it by changing the capitalization of the header.<\/p>\n<h3><a id=\"post-146839-_45vxyb4nyfj0\"><\/a>Source Code Analysis<\/h3>\n<p>By default, Camel registers a default header filter handler that asks the filter to ignore all header lines starting with <span style=\"font-family: 'courier new', courier, monospace;\">Camel<\/span>, <span style=\"font-family: 'courier new', courier, monospace;\">camel<\/span> or <span style=\"font-family: 'courier new', courier, monospace;\">org.apache.camel<\/span>. This code is in <span style=\"font-family: 'courier new', courier, monospace;\">components\/camel-http-base\/src\/main\/java\/org\/apache\/camel\/http\/base\/HttpHeaderFilterStrategy.java<\/span> (Figure 13 shows the relevant segment).<\/p>\n<figure id=\"attachment_146972\" aria-describedby=\"caption-attachment-146972\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146972 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-328211-146839-13.png\" alt=\"Image of a code 
snippet named HttpHeaderFilterStrategy showing methods related to filtering HTTP headers. It includes elements such as code comments and filter conditions specifying Camel case and domain names.\" width=\"800\" height=\"317\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-328211-146839-13.png 1222w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-328211-146839-13-786x311.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-328211-146839-13-768x304.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146972\" class=\"wp-caption-text\">Figure 13. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">HttpHeaderFilterStrategy.java<\/span> written to ignore specific header lines.<\/figcaption><\/figure>\n<p>Camel enumerates the HTTP request headers and runs the <span style=\"font-family: 'courier new', courier, monospace;\">applyFilterToExternalHeaders<\/span> function. Then, as Figure 14 below shows, it uses <span style=\"font-family: 'courier new', courier, monospace;\">components\/camel-http-common\/src\/main\/java\/org\/apache\/camel\/http\/common\/DefaultHttpBinding.java<\/span> to write the headers into an internal map.<\/p>\n<figure id=\"attachment_146983\" 
aria-describedby=\"caption-attachment-146983\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146983 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-331270-146839-14.png\" alt=\"Screenshot of a computer code snippet containing code that reads the HTTP headers of a servlet request, with comments and conditional statements visible.\" width=\"800\" height=\"530\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-331270-146839-14.png 1270w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-331270-146839-14-664x440.png 664w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-331270-146839-14-1056x700.png 1056w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-331270-146839-14-768x509.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146983\" class=\"wp-caption-text\">Figure 14. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">DefaultHttpBinding.java<\/span>.<\/figcaption><\/figure>\n<p>The header filtering logic performs different matching depending on Camel's configuration. By default, Camel uses <span style=\"font-family: 'courier new', courier, 
monospace;\">tryHeaderMatch<\/span> to check only the beginning of the header. This is done through <span style=\"font-family: 'courier new', courier, monospace;\">core\/camel-support\/src\/main\/java\/org\/apache\/camel\/support\/DefaultHeaderFilterStrategy.java<\/span>, as Figure 15 below shows.<\/p>\n<figure id=\"attachment_146994\" aria-describedby=\"caption-attachment-146994\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-146994 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-334767-146839-15.png\" alt=\"Screenshot of code that handles the HTTP header filter. An underline and a red arrow point to tryHeaderMatch.\" width=\"800\" height=\"837\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-334767-146839-15.png 1268w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-334767-146839-15-421x440.png 421w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-334767-146839-15-669x700.png 669w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-334767-146839-15-768x803.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-146994\" class=\"wp-caption-text\">Figure 15. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">DefaultHeaderFilterStrategy.java<\/span> showing <span style=\"font-family: 'courier new', courier, monospace;\">tryHeaderMatch<\/span>.<\/figcaption><\/figure>\n<p>Assume that 
an attacker overrides the header <span style=\"font-family: 'courier new', courier, monospace;\">CAmelExecCommandExecutable<\/span>, using an uppercase <span style=\"font-family: 'courier new', courier, monospace;\">A<\/span> in the word <span style=\"font-family: 'courier new', courier, monospace;\">CAmel<\/span>, and that the developer is using the <span style=\"font-family: 'courier new', courier, monospace;\">camel-exec<\/span> package. In that case, <span style=\"font-family: 'courier new', courier, monospace;\">camel-exec<\/span> reads that value and executes it through <span style=\"font-family: 'courier new', courier, monospace;\">components\/camel-exec\/src\/main\/java\/org\/apache\/camel\/component\/exec\/impl\/DefaultExecBinding.java<\/span>, as Figure 16 below shows.<\/p>\n<figure id=\"attachment_147005\" aria-describedby=\"caption-attachment-147005\" style=\"width: 800px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147005 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-337601-146839-16.png\" alt=\"Screenshot of code from the Apache Camel project featuring the DefaultExecBinding class, including method implementations and parameter handling related to command execution.\" width=\"800\" height=\"306\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-337601-146839-16.png 1188w, 
https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-337601-146839-16-786x300.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-337601-146839-16-768x293.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-147005\" class=\"wp-caption-text\">Figure 16. Code segment from <span style=\"font-family: 'courier new', courier, monospace;\">DefaultExecBinding.java<\/span>.<\/figcaption><\/figure>\n<p>If the developer has configured this endpoint with a benign executable, an attacker can replace it with a dangerous command that launches a reverse shell. Executing the command remotely then gives the attacker a reverse shell.<\/p>\n<h2><a id=\"post-146839-_qwcgrm7iz0dq\"><\/a>Telemetry<\/h2>\n<p>During March 2025, our telemetry identified 125,856 scans, probes or exploit attempts originating from more than 70 countries for the Tomcat vulnerability CVE-2025-24813 and the Camel vulnerabilities CVE-2025-27636 and CVE-2025-29891. As the analysis of trigger 
data in Figure 17 shows, the frequency of this activity surged immediately after these exploits were disclosed in mid-March 2025 and peaked within the first week.<\/p>\n<p>The data also suggests that both automated scanners and active exploitation are occurring in the wild.<\/p>\n<figure id=\"attachment_147016\" aria-describedby=\"caption-attachment-147016\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147016 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4.png\" alt=\"Line graph of the number of triggers over time. The X-axis shows dates from 2025-03-16 to 2025-03-30. The trigger count initially rises, peaks midway through the period and declines through the end date. Unit 42 and Palo Alto Networks logo lockup.\" width=\"1000\" height=\"390\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4.png 2048w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4-786x307.png 786w, 
https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4-1794x700.png 1794w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4-768x300.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/chart-4-1536x599.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-147016\" class=\"wp-caption-text\">Figure 17. Exploit activity detected in March 2025.<\/figcaption><\/figure>\n<h3><a id=\"post-146839-_wm4vgdk63yax\"><\/a>Exploit Payloads<\/h3>\n<p>We captured payloads that attackers have used in these scan, probe and exploit attempts.<\/p>\n<p>Figure 18 shows an example of an initial HTTP PUT request attempting to exploit the Apache Tomcat vulnerability CVE-2025-24813. This type of activity is a scan or probe to determine whether a server is running a vulnerable version of Tomcat.<\/p>\n<figure id=\"attachment_147027\" aria-describedby=\"caption-attachment-147027\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147027 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343335-146839-18.png\" 
alt=\"Screenshot of an HTTP PUT request showing headers and a portion of Java code related to the HashMap and URL classes. Some information has been redacted for privacy.\" width=\"700\" height=\"241\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343335-146839-18.png 1322w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343335-146839-18-786x271.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-343335-146839-18-768x265.png 768w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-147027\" class=\"wp-caption-text\">Figure 18. HTTP PUT request exploiting CVE-2025-24813.<\/figcaption><\/figure>\n<p><a id=\"post-146839-_m9cpwm1ziejb\"><\/a> If successful, the exploit in Figure 20 causes the victim server to attempt to contact an out-of-band application security testing (OAST) server.<\/p>\n<p>Figure 19 shows an HTTP request exploiting the Apache 
Camel vulnerability CVE-2025-27636. If successful, the server executes an echo command. This is a way to test a server running Apache Camel when the attacker already has access and can see the results of the echo command.<\/p>\n<figure id=\"attachment_147038\" aria-describedby=\"caption-attachment-147038\" style=\"width: 500px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147038 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-345722-146839-19.png\" alt=\"Screenshot of an HTTP GET request with Host, User-Agent set to curl\/7.61.1 and Accept set to any type. Some information has been redacted.\" width=\"500\" height=\"113\" \/><figcaption id=\"caption-attachment-147038\" class=\"wp-caption-text\">Figure 19. HTTP request targeting Apache Camel for CVE-2025-27636.<\/figcaption><\/figure>\n<p><a id=\"post-146839-_tjp6yhngcbte\"><\/a> Figure 20 shows an HTTP request exploiting the Apache Camel vulnerability CVE-2025-29891. Like the exploit against Apache Tomcat shown in Figure 20, this Apache 
Camel exploit directs the vulnerable server to contact an OAST server.<\/p>\n<figure id=\"attachment_147049\" aria-describedby=\"caption-attachment-147049\" style=\"width: 700px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147049 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-348071-146839-20.png\" alt=\"Screenshot showing example GET and POST requests in which part of the URL appears as 'http:\/\/'. Some information has been redacted.\" width=\"700\" height=\"74\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-348071-146839-20.png 1644w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-348071-146839-20-786x83.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-348071-146839-20-768x81.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-348071-146839-20-1536x163.png 1536w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><figcaption id=\"caption-attachment-147049\" class=\"wp-caption-text\">Figure 20. HTTP request targeting Apache Camel for CVE-2025-29891.<\/figcaption><\/figure>\n<h3><a id=\"post-146839-_qdwg8790d6mu\"><\/a>CVE-2025-24813 Exploits in the Wild<\/h3>\n<p>Since vulnerability coverage was released, 7,859 
exploit attempts against the Apache Tomcat vulnerability CVE-2025-24813 have been identified.<\/p>\n<p>This section analyzes this activity from two perspectives: the length of the session name and the value of the <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header.<\/p>\n<h4><a id=\"post-146839-_yjdn4n9wbo8b\"><\/a>Tomcat Session Name Length<\/h4>\n<p>As noted in the earlier analysis, exploits for CVE-2025-24813 use a name with <span style=\"font-family: 'courier new', courier, monospace;\">.session<\/span> appended in the initial HTTP request. This <span style=\"font-family: 'courier new', courier, monospace;\">.session<\/span> file contains the code that the vulnerable host runs if the exploit succeeds.<\/p>\n<p>Most of these session name prefixes are shorter than 10 characters, and our telemetry shows that the most common prefix uses six characters for the session name, as Figure 21 shows.<\/p>\n<figure id=\"attachment_147060\" 
aria-describedby=\"caption-attachment-147060\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147060 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21.png\" alt=\"Bar chart of session name character counts. The X-axis shows the count of session names, and the Y-axis shows character-length ranges from fewer than 4 characters to 10 or more. Unit 42 and Palo Alto Networks logo lockup.\" width=\"1000\" height=\"542\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21.png 2048w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21-786x426.png 786w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21-1290x700.png 1290w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21-768x417.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-350432-146839-21-1536x833.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-147060\" 
class=\"wp-caption-text\">Figure 21. Session name length trends in CVE-2025-24813 exploit attempts.<\/figcaption><\/figure>\n<p>We noted this six-character pattern length in more than 6,000 detections. Why do the majority of exploit attempts use a six-character string for the session name? This activity pattern is related to the <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> header.<\/p>\n<h4><a id=\"post-146839-_r5acbs9tciol\"><\/a>Tomcat Content-Range Header<\/h4>\n<p>As noted in the Tomcat source code analysis of CVE-2025-24813, the <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> HTTP header is a key factor in this vulnerability. Figure 22 groups the different <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range<\/span> values.<\/p>\n<figure id=\"attachment_147071\" aria-describedby=\"caption-attachment-147071\" style=\"width: 1000px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147071 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22.png\" 
alt=\"Horizontal bar chart showing counts for different byte ranges, with counts varying by category. Unit 42 and Palo Alto Networks logo lockup.\" width=\"1000\" height=\"619\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22.png 2048w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22-711x440.png 711w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22-1131x700.png 1131w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22-768x476.png 768w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-353942-146839-22-1536x951.png 1536w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><figcaption id=\"caption-attachment-147071\" class=\"wp-caption-text\">Figure 22. Content-Range value trends seen in CVE-2025-24813 exploit attempts.<\/figcaption><\/figure>\n<p>The header <span style=\"font-family: 'courier new', courier, monospace;\">Content-Range: bytes 0-452\/457<\/span> was observed in more than 6,000 detections from telemetry. This finding correlates with the six-character session names.<\/p>\n<p>These two findings match the pattern in the <a href=\"https:\/\/github.com\/projectdiscovery\/nuclei-templates\/blob\/99289657b8d7c150b1c716d43fc0458daff2bbbb\/http\/cves\/2025\/CVE-2025-24813.yaml#L54\" target=\"_blank\" 
rel=\"noopener\">CVE-2025-24813 template<\/a> for the <a href=\"https:\/\/github.com\/projectdiscovery\/nuclei\" target=\"_blank\" rel=\"noopener\">Nuclei scanner<\/a>, which is available on GitHub. Figure 23 highlights the correlation with our findings.<\/p>\n<figure id=\"attachment_147082\" aria-describedby=\"caption-attachment-147082\" style=\"width: 746px\" class=\"wp-caption alignnone\"><img  class=\"wp-image-147082 lozad\"  data-src=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356900-146839-23.png\" alt=\"Screenshot of a text editor displaying code with highlighted lines related to an HTTP session and Python variables. Three sections are outlined in red: the file name, PUT and Content-range.\" width=\"746\" height=\"464\" srcset=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356900-146839-23.png 746w, https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/word-image-356900-146839-23-707x440.png 707w\" sizes=\"(max-width: 746px) 100vw, 746px\" \/><figcaption id=\"caption-attachment-147082\" class=\"wp-caption-text\">Figure 23. Segment of the CVE-2025-24813 template in the <a href=\"https:\/\/github.com\/projectdiscovery\/nuclei-templates\/blob\/99289657b8d7c150b1c716d43fc0458daff2bbbb\/http\/cves\/2025\/CVE-2025-24813.yaml#L54\" target=\"_blank\" rel=\"noopener\">nuclei-templates<\/a> 
GitHub repository.<\/figcaption><\/figure>\n<p>In other words, many of the CVE-2025-24813 scans seen so far use Nuclei Scanner. This is understandable, because Nuclei is also a scanner that anyone can freely use under the MIT license. It can be inferred that both attackers and defenders are probably using this scanner and template to check for the vulnerability.<\/p>\n<h2><a id=\"post-146839-_2an8ryq91inv\"><\/a>Conclusion<\/h2>\n<p>Apache Tomcat instances that allow directory writes (disabled by default) and partial PUT (enabled by default) are vulnerable to CVE-2025-24813. Apache Camel instances that use certain components are vulnerable to CVE-2025-27636 and CVE-2025-29891.<\/p>\n<p>Because these vulnerabilities are critical flaws, they pose a significant security 
risk, and attackers can exploit them through specially crafted HTTP requests.<\/p>\n<p>Such exploitation not only enables potential remote code execution but also poses broader threats, such as data breaches and lateral movement within a network. The use of Nuclei Scanner to check for this vulnerability underscores how easily low-skilled adversaries can take advantage of such vulnerabilities, making prompt action important.<\/p>\n<h3><a id=\"post-146839-_lsbythhc3nz9\"><\/a>Palo Alto Networks Protection and Mitigation<\/h3>\n<p>Palo Alto Networks customers can build reliable protection against the threats above through the following products.<\/p>\n<ul>\n<li>With <a href=\"https:\/\/docs.paloaltonetworks.com\/advanced-threat-prevention\/administration\" target=\"_blank\" rel=\"noopener\">Advanced Threat Prevention<\/a>, a <a href=\"https:\/\/docs.paloaltonetworks.com\/ngfw\" target=\"_blank\" 
rel=\"noopener\">Next-Generation Firewall<\/a> subscription identifies and blocks related traffic, when best practices are followed, via the following Threat Prevention signature: 96315<\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\" target=\"_blank\" rel=\"noopener\">Cortex Xpanse<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xsiam\" target=\"_blank\" rel=\"noopener\">Cortex XSIAM<\/a> can identify externally facing Apache Tomcat servers by using the \"Tomcat Web Server\" attack surface rule. Potentially affected assets can also be reviewed through the Threat Response Center.<\/li>\n<\/ul>\n<p>If you think you may have been compromised or have an urgent matter, contact the <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\" target=\"_blank\" rel=\"noopener\">Unit 42 Incident Response team<\/a>.<\/p>\n<ul>\n<li>North America: Toll Free: +1 (866) 486-4842 (866.4.UNIT42)<\/li>\n<li>UK: 
+44.20.3743.3660<\/li>\n<li>Europe and Middle East: +31.20.299.3130<\/li>\n<li>Asia: +65.6983.8730<\/li>\n<li>Japan: +81.50.1790.0200<\/li>\n<li>Australia: +61.2.4062.7950<\/li>\n<li>India: 00080005045107<\/li>\n<\/ul>\n<p>Palo Alto Networks has shared these findings with the members of the Cyber Threat Alliance (CTA). CTA members use this information to rapidly provide protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the <a href=\"https:\/\/www.cyberthreatalliance.org\" target=\"_blank\" rel=\"noopener\">Cyber Threat Alliance<\/a>.<\/p>\n<h2><a id=\"post-146839-_v8176g40kstn\"><\/a>Indicators of Compromise<\/h2>\n<h3><a id=\"post-146839-_4yf48ojrhctx\"><\/a>CVE-2025-24813<\/h3>\n<h4><a id=\"post-146839-_ailaa4jgu1yd\"><\/a>Source IP Addresses Observed for CVE-2025-24813<\/h4>\n<h4><a id=\"post-146839-_dfa1n2r6rp8o\"><\/a>Activity URLs - CVE-2025-24813<\/h4>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">PUT \/qdigu\/session<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">PUT \/UlOLJo.session<\/span><\/li>\n<\/ul>\n<h4><a id=\"post-146839-_d9n3ncvscov1\"><\/a>SHA256 Hashes of Payload Samples<\/h4>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">6a9a0a3f0763a359737da801a48c7a0a7a75d6fa810418216628891893773540<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">6b7912e550c66688c65f8cf8651b638defc4dbeabae5f0f6a23fb20d98333f6b<\/span><\/li>\n<\/ul>\n<h3><a id=\"post-146839-_wne986rdblq\"><\/a>CVE-2025-27636, CVE-2025-29891<\/h3>\n<h4><a id=\"post-146839-_rkyr6ha7rewo\"><\/a>Source IP Addresses (Observed for CVE-2025-27636 and CVE-2025-29891)<\/h4>\n<h4><a id=\"post-146839-_gpwvawiwaysg\"><\/a>Activity Headers for CVE-2025-27636 and CVE-2025-29891<\/h4>\n<ul>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">CAmelHttpResponseCode<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, 
monospace;\">CAmelExecCommandExecutable<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">CAmelExecCommandArgs<\/span><\/li>\n<li><span style=\"font-family: 'courier new', courier, monospace;\">CAmelBeanMethodName<\/span><\/li>\n<\/ul>\n<h2><a id=\"post-146839-_570cbe1pdhwx\"><\/a>Additional Resources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc9110.html#name-partial-put\" target=\"_blank\" rel=\"noopener\">RFC9110<\/a> \u2013 RFC Editor<\/li>\n<li><a href=\"https:\/\/github.com\/apache\/tomcat\" target=\"_blank\" rel=\"noopener\">Apache Tomcat<\/a> - Apache Foundation<\/li>\n<li><a href=\"https:\/\/github.com\/apache\/camel\" target=\"_blank\" rel=\"noopener\">Apache Camel<\/a> - Apache Foundation<\/li>\n<li><a href=\"https:\/\/github.com\/projectdiscovery\/nuclei-templates\/\" target=\"_blank\" rel=\"noopener\">Nuclei templates<\/a> - ProjectDiscovery<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack 
RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002<\/p>\n","protected":false},"author":340,"featured_media":144819,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4428,4470],"tags":[6839,9347,9348,9349,4853],"product_categories":[4441,4442,4443,4446,4447,4448,4450,4456,4465],"coauthors":[9250,9251,3736,2070],"class_list":["post-146839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-research-ja","category-vulnerabilities-ja","tag-apache-ja","tag-cve-2025-24813-ja","tag-cve-2025-27636-ja","tag-cve-2025-29891-ja","tag-remote-code-execution-ja","product_categories-advanced-dns-security-ja","product_categories-advanced-threat-prevention-ja","product_categories-advanced-url-filtering-ja","product_categories-cloud-delivered-security-services-ja","product_categories-cortex-ja","product_categories-cortex-xdr-ja","product_categories-cortex-xsiam-ja","product_categories-next-generation-firewall-ja","product_categories-unit-42-incident-response-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af<\/title>\n<meta name=\"description\" content=\"CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002 CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af\" \/>\n<meta property=\"og:description\" content=\"CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002 CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-03T14:04:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-16T13:51:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jun Li, Qiang Liu, Yiheng An, Haozhe Zhang\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af","description":"CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002 CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/","og_locale":"ja_JP","og_type":"article","og_title":"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af","og_description":"CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002 CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/","og_site_name":"Unit 42","article_published_time":"2025-07-03T14:04:02+00:00","article_modified_time":"2025-07-16T13:51:40+00:00","og_image":[{"width":1920,"height":900,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg","type":"image\/jpeg"}],"author":"Jun Li, Qiang Liu, Yiheng An, Haozhe 
Zhang","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/"},"author":{"name":"Haozhe Zhang","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a55d18d178eaf2a45f790ec5af0356c0"},"headline":"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af","datePublished":"2025-07-03T14:04:02+00:00","dateModified":"2025-07-16T13:51:40+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/"},"wordCount":734,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg","keywords":["Apache","CVE-2025-24813","CVE-2025-27636","CVE-2025-29891","Remote Code Execution"],"articleSection":["\u8105\u5a01\u30ea\u30b5\u30fc\u30c1","\u8106\u5f31\u6027"],"inLanguage":"ja"},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/","name":"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc 
\u30cf\u30a4\u30b8\u30e3\u30c3\u30af","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#primaryimage"},"thumbnailUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg","datePublished":"2025-07-03T14:04:02+00:00","dateModified":"2025-07-16T13:51:40+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a55d18d178eaf2a45f790ec5af0356c0"},"description":"CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002 CVE-2025-24813(Tomcat Partial PUT RCE)\u3001CVE-2025-27636\u3001CVE-2025-29891(Camel Header Hijack RCE)\u3092\u5206\u6790\u3057\u307e\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#primaryimage","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2025\/07\/06_Vulnerabilities_1920x900.jpg","width":1920,"height":900,"caption":"Pictorial representation of CVEs such as CVE-2025-24813, CVE-2025-27636, CVE-2025-29891. 
Digital illustration of the United States with glowing connections and data flows across a map, symbolizing network connectivity and information technology."},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"Apache\u3092\u5fb9\u5e95\u691c\u8a3c: Tomcat Partial PU\u3068Camel\u306b\u3088\u308b\u30d8\u30c3\u30c0\u30fc \u30cf\u30a4\u30b8\u30e3\u30c3\u30af"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/a55d18d178eaf2a45f790ec5af0356c0","name":"Haozhe Zhang","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/4ffb3c2d260a0150fb91b3715442f8b3","url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Haozhe Zhang"},"jobTitle":"Principle Security 
Researcher","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/author\/haozhe-zhang\/"}]}},"_links":{"self":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/146839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/340"}],"replies":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=146839"}],"version-history":[{"count":8,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/146839\/revisions"}],"predecessor-version":[{"id":147219,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/146839\/revisions\/147219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/144819"}],"wp:attachment":[{"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=146839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=146839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=146839"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=146839"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=146839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}