9.8
CRITICAL CVSS 3.1
CVE-2024-50379
Apache Tomcat TOCTOU Race Condition RCE on Case Insensitive File Systems
Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

INFO

Published Date :

Dec. 17, 2024, 1:15 p.m.

Last Modified :

Aug. 8, 2025, 12:15 p.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2024-50379 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Netapp bootstrap_os
2 Netapp hci_compute_node
1 Apache tomcat
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Upgrade Apache Tomcat or other affected packages to address the time-of-check/time-of-use vulnerability.
  • Upgrade to Apache Tomcat version 9.0.98, 10.1.34, or 11.0.2.
  • Update affected packages and Linux packages.
  • For Nutanix, upgrade AOS software to the recommended version.
Public PoC/Exploit Available at Github

CVE-2024-50379 has a 46 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-50379.

URL Resource
https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/12/17/4 Mailing List
http://www.openwall.com/lists/oss-security/2024/12/18/2 Mailing List
https://security.netapp.com/advisory/ntap-20250103-0003/ Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-50379 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-50379 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 15, 2025, 9:07 a.m. This repo has been linked 310 different CVEs too.

备份的漏洞库,3月开始我们来维护

Updated: 1 month, 1 week ago
2 stars 0 fork 0 watcher
Born at : June 30, 2025, 9:14 a.m. This repo has been linked 216 different CVEs too.

None

Updated: 1 month, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : June 29, 2025, 1:36 a.m. This repo has been linked 19 different CVEs too.

None

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 15, 2025, 2:32 a.m. This repo has been linked 216 different CVEs too.

None

cve-2024-50379

Python

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 14, 2025, 7:38 a.m. This repo has been linked 1 different CVEs too.

Cve exploiting

cve-2024 cve-2024-50379 cve-poc

Python

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 14, 2025, 7:23 a.m. This repo has been linked 1 different CVEs too.

CVE POC repo 자동 수집기

Python

Updated: 13 hours, 32 minutes ago
0 stars 1 fork 1 watcher
Born at : June 8, 2025, 3:07 p.m. This repo has been linked 125 different CVEs too.

None

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : May 30, 2025, 2:59 a.m. This repo has been linked 213 different CVEs too.

Guida alla soluzione delle CTF

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : May 26, 2025, 5:55 p.m. This repo has been linked 6 different CVEs too.

Smith: It's a security Agent Written with Scala 3.x

Scala Shell

Updated: 2 months, 4 weeks ago
0 stars 0 fork 0 watcher
Born at : May 25, 2025, 7:15 p.m. This repo has been linked 22 different CVEs too.

None

HTML

Updated: 3 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : May 6, 2025, 2:20 a.m. This repo has been linked 201 different CVEs too.

None

Python

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : April 26, 2025, 12:23 a.m. This repo has been linked 3 different CVEs too.

wy876

Python

Updated: 1 month, 2 weeks ago
8 stars 2 fork 2 watcher
Born at : April 11, 2025, 4:25 a.m. This repo has been linked 209 different CVEs too.

None

Python

Updated: 4 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : March 30, 2025, 5:15 p.m. This repo has been linked 1 different CVEs too.

None

Dockerfile JavaScript Shell

Updated: 4 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : March 29, 2025, 8:54 p.m. This repo has been linked 9 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-50379 vulnerability anywhere in the article.

  • Daily CyberSecurity
Patch Now: Apache Tomcat Fixes Session Fixation and ‘MadeYouReset’ Flaws

The Apache Tomcat Project has issued important updates addressing two significant vulnerabilities affecting multiple supported versions of the popular open-source application server. The flaws — CVE-2 ... Read more

Published Date: Aug 15, 2025 (1 week, 2 days ago)
  • BleepingComputer
Brute-force attacks target Apache Tomcat management panels

A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. Tomcat is a popular open-source web server widely used by l ... Read more

Published Date: Jun 11, 2025 (2 months, 1 week ago)
  • The Register
Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps

Infosec in brief Apple has responded to the UK government's demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data Protection (ADP) end-to-end encryption s ... Read more

Published Date: Feb 24, 2025 (6 months ago)
  • security.nl
Atlassian waarschuwt voor kritieke Tomcat-kwetsbaarheden in Confluence

Softwarebedrijf Atlassian waarschuwt voor twee kritieke kwetsbaarheden in Confluence Data Center en Server waardoor remote code execution mogelijk is. De impact van de twee kwetsbaarheden (CVE-2024-50 ... Read more

Published Date: Feb 20, 2025 (6 months ago)
  • TheCyberThrone
CVE-2025-24480 impacts Rockwell Automation

CVE-2025-24480 is a critical vulnerability that has been identified in FactoryTalk View Machine Edition, a widely used industrial automation software from Rockwell Automation. This vulnerability is pa ... Read more

Published Date: Feb 02, 2025 (6 months, 3 weeks ago)
  • TheCyberThrone
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – January 2025

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending January 2025Subscribers favorite #1Exploit Code ... Read more

Published Date: Feb 01, 2025 (6 months, 3 weeks ago)
  • TheCyberThrone
CVE-2024-53299 impacts Apache Wicket

BackgroundCVE-2024-53299 is a significant security vulnerability identified in Apache Wicket, specifically impacting versions prior to 9.19.0 and 10.3.0. This vulnerability allows attackers to initiat ... Read more

Published Date: Jan 26, 2025 (6 months, 4 weeks ago)
  • TheCyberThrone
TheCyberThrone Security BiWeekly Review – January 25, 2025

Welcome to TheCyberThrone. Cybersecurity week in review will be posted covering the important security happenings. This review is for the bi-weekly ending on Saturday, January 25, 2025.CVE-2025-0411 i ... Read more

Published Date: Jan 26, 2025 (6 months, 4 weeks ago)
  • TheCyberThrone
CVE-2024-53691: PoC Exploit Code Release for QNAP Flaw

CVE-2024-53691 is a severe remote code execution (RCE) vulnerability discovered in QNAP NAS devices. Recently, security researcher c411e released a Proof-of-Concept (PoC) exploit code, underscoring th ... Read more

Published Date: Jan 20, 2025 (7 months ago)
  • TheCyberThrone
CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw

Background:CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks’ Expedition Tool, version 1.2.101 and earlier. Recently, security researchers released a Proo ... Read more

Published Date: Jan 19, 2025 (7 months ago)
  • TheCyberThrone
CVE-2024-44243: macOS SIP Bypass Flaw

CVE-2024-44243 is a critical vulnerability discovered in macOS that allows attackers to bypass Apple’s System Integrity Protection (SIP) by exploiting third-party kernel extensions. This vulnerability ... Read more

Published Date: Jan 15, 2025 (7 months, 1 week ago)
  • TheCyberThrone
CISA adds Fortinet flaw CVE-2024-55591 to KEV Catalog

CVE-2024-55591 is a critical vulnerability affecting Fortinet’s FortiOS and FortiProxy devices. This vulnerability allows a remote attacker to bypass authentication mechanisms and gain super-admin pri ... Read more

Published Date: Jan 15, 2025 (7 months, 1 week ago)
  • TheCyberThrone
CVE-2024-5594 impacts OpenVPN

CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject u ... Read more

Published Date: Jan 12, 2025 (7 months, 1 week ago)
  • TheCyberThrone
CVE-2024-53704 impacts SonicWall

CVE-2024-53704 is a high-severity vulnerability impacting SonicWall’s SSLVPN authentication mechanism. This flaw, with a CVSS score of 8.2, allows remote attackers to bypass authentication and gain un ... Read more

Published Date: Jan 11, 2025 (7 months, 1 week ago)
  • TheCyberThrone
CISA KEV UPDATE Part I – January 2025

The US CISA has added 3  vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on the evidence of active exploitation.CVE-2024-41713: Mitel MiCollab Path Traversal VulnerabilityDe ... Read more

Published Date: Jan 08, 2025 (7 months, 2 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Biweekly Review – December 28, 2024

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the biweekly ending Saturday, December 28, 2024.Indian users are ta ... Read more

Published Date: Dec 30, 2024 (7 months, 3 weeks ago)
  • TheCyberThrone
CVE-2024-45387 Critical Bug in Apache Traffic Control

CVE-2024-45387 represents a significant security concern within the Traffic Ops component of Apache Traffic Control, specifically impacting versionsThe heart of this vulnerability is an SQL injection ... Read more

Published Date: Dec 25, 2024 (7 months, 4 weeks ago)
  • TheCyberThrone
Microsoft Patch Tuesday Year 2024 Analysis

In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

Published Date: Dec 25, 2024 (7 months, 4 weeks ago)
  • TheCyberThrone
Zeroday Vulnerabilities Prevailed in 2024 Analysis-Part II

This is the continuation of Zeroday vulnerabilities in 2024. Let’s delve deeply into the continuation of  zero-day vulnerabilities of 2024, providing a comprehensive analysis.1. CVE-2023-46805: Authen ... Read more

Published Date: Dec 24, 2024 (8 months ago)
  • TheCyberThrone
CISA adds Acclaim Flaw CVE-2021-44207 to KEV Catalog

The US CISA has added new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitationCVE-2021-44207: Acclaim Systems USAHERDS Use of Hard-Coded Credentials V ... Read more

Published Date: Dec 23, 2024 (8 months ago)

The following table lists the changes that have been made to the CVE-2024-50379 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Aug. 08, 2025

    Action Type Old Value New Value
    Changed Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Older EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  • CVE Modified by [email protected]

    Aug. 08, 2025

    Action Type Old Value New Value
    Changed Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Older EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  • CVE Modified by [email protected]

    Aug. 07, 2025

    Action Type Old Value New Value
    Changed Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  • Initial Analysis by [email protected]

    Jul. 01, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (excluding) 10.1.34 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.2 *cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.0.98
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
    Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2024/12/17/4 Types: Mailing List
    Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2024/12/18/2 Types: Mailing List
    Added Reference Type Apache Software Foundation: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r Types: Mailing List, Vendor Advisory
    Added Reference Type CVE: https://security.netapp.com/advisory/ntap-20250103-0003/ Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Jan. 03, 2025

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20250103-0003/
  • CVE Modified by [email protected]

    Dec. 19, 2024

    Action Type Old Value New Value
    Changed Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 18, 2024

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2024/12/18/2
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 17, 2024

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2024/12/17/4
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Dec. 17, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • New CVE Received by [email protected]

    Dec. 17, 2024

    Action Type Old Value New Value
    Added Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.
    Added CWE CWE-367
    Added Reference https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact