Critical vulnerability detected in Apache Tomcat


Nacl, WHOAMI, Yemoli and Ruozhi have discovered a critical severity vulnerability (CVE-2024-50379) in Apache Tomcat that could allow remote code execution (RCE) if the default servlet is write-enabled on a case-insensitive file system.

A simultaneous read and upload of the same file could bypass Tomcat’s case-sensitive checks and cause the uploaded file to be treated as a JSP, allowing remote code execution.

To fix this vulnerability, update to one of the following versions: 11.0.2, 10.1.34, 9.0.98, or any later version.

If you want to know more details, you can consult the corresponding advisory at the following link.

For more warnings, please follow the Incibe website.
