'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'
One PUT request, one poisoned session file, and the server's yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure....