CVE-2024-50379
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-50379 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Apache Tomcat's JSP compilation process. It allows remote code execution (RCE) on case-insensitive file systems when the default servlet is enabled for write, which is a non-default configuration. The affected versions are Apache Tomcat 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. To mitigate this risk, users are strongly advised to upgrade to Apache Tomcat 11.0.2, 10.1.34, or 9.0.98, which were released to address this vulnerability.
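The two conditions in the summary that can be checked from an inventory (an affected version and a write-enabled default servlet) can be tested as in the following added example, which is not part of the original advisory or of Tomcat itself. The function names and the sample web.xml are constructed for illustration; `readonly` is the DefaultServlet init-param that controls write access.

```python
import re
import xml.etree.ElementTree as ET

# Last affected patch level per release line, from the summary above.
LAST_AFFECTED = {(11, 0): 1, (10, 1): 33, (9, 0): 97}
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

# Constructed sample: a default servlet that has been opened for writes.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

def is_affected_version(version):
    """Milestone builds open each range, so major.minor.patch is enough."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = map(int, m.groups())
    last = LAST_AFFECTED.get((major, minor))
    return last is not None and patch <= last

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def _text(parent, name):
    return next(((c.text or "").strip() for c in parent if _local(c.tag) == name), None)

def writable_default_servlets(web_xml):
    """Names of DefaultServlet declarations whose readonly param is not 'true'."""
    hits = []
    for s in ET.fromstring(web_xml).iter():
        if _local(s.tag) != "servlet" or _text(s, "servlet-class") != DEFAULT_SERVLET:
            continue
        for p in s:
            # Assumption: parsed as a Java boolean, so only "true" keeps it read-only.
            if (_local(p.tag) == "init-param" and _text(p, "param-name") == "readonly"
                    and (_text(p, "param-value") or "").lower() != "true"):
                hits.append(_text(s, "servlet-name"))
    return hits

def needs_attention(version, web_xml):
    return is_affected_version(version) and bool(writable_default_servlets(web_xml))
```

The check does not cover the third condition, a case-insensitive file system, which has to be confirmed on the host itself.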
Affected Products
- Apache Tomcat
Affected Vendors
- Apache Corporation