CVE-2024-50379
Apache Tomcat TOCTOU Race Condition RCE on Case Insensitive File Systems
Description
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
INFO
Published Date: Dec. 17, 2024, 1:15 p.m.
Last Modified: Aug. 8, 2025, 12:15 p.m.
Remotely Exploitable: Yes
Source: [email protected]
Affected Products
The following products are affected by the CVE-2024-50379 vulnerability. Even where cvefeed.io knows the exact affected versions, that information is not represented in the table below (no product table is present on this page; the CPE configurations in the change history list the affected version ranges).
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
9.8 | CVSS 3.1 | CRITICAL | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Upgrade to Apache Tomcat version 9.0.98, 10.1.34, or 11.0.2. The 8.5.x line is EOL and receives no fix; migrate off it.
- Until the upgrade is applied, note that the issue is only reachable when the default servlet has write support enabled (its readonly init-param set to false, which is not the default). Restoring the read-only default removes the attack path; check conf/web.xml and every per-application WEB-INF/web.xml for an override.
- Apply the corresponding distribution (Linux) package updates.
- For Nutanix, upgrade AOS software to the recommended version.
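The two conditions the advisory names (an affected Tomcat version, and a default servlet configured for write) can both be checked from an inventory banner and the deployed web.xml. The following audit helper is an added example, not cvefeed.io's or the Apache Tomcat project's own code. It assumes only what the advisory states: the affected ranges above (milestone builds such as 9.0.0.M1 and 10.1.0-M1 sort before their GA release), that 8.5.x is EOL with no fix, and that exploitation needs the default servlet's readonly init-param set to false. The web.xml text in the block is constructed for the example; the servlet-class and init-param names are Tomcat's real ones. Whether the host runs a case-insensitive file system (the other precondition) cannot be read from web.xml, so the helper takes it as a parameter and assumes the worst case by default.

```python
"""Audit helper for CVE-2024-50379: version-range check plus web.xml inspection.

Added example; assumptions (affected ranges, readonly semantics) are taken from
the advisory text. The sample web.xml below is constructed, not a real deployment.
"""
import re
import xml.etree.ElementTree as ET

# First fixed release per supported line (from the advisory). Everything earlier
# on the same line, including milestone builds, is affected.
FIXED = {"9.0": (9, 0, 98), "10.1": (10, 1, 34), "11.0": (11, 0, 2)}
EOL_AFFECTED = {"8.5"}  # 8.5.0 through 8.5.100 known affected, no fix

# Accepts "9.0.97", "9.0.0.M1", "10.1.0-M1" and banners like "Apache Tomcat/9.0.97".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, milestone) or None; milestone is None for GA."""
    m = _VERSION_RE.search(text.strip())
    if not m:
        return None
    major, minor, patch, ms = m.groups()
    return int(major), int(minor), int(patch), (int(ms) if ms else None)


def version_status(text):
    """'affected', 'fixed', 'eol-affected' or 'not-listed' for a Tomcat version string."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, ms = v
    line = f"{major}.{minor}"
    if line in EOL_AFFECTED:
        return "eol-affected"
    if line not in FIXED:
        return "not-listed"  # advisory only says older EOL lines "may" be affected
    # A milestone (x.y.z-M1) precedes the GA x.y.z, so GA gets the higher tiebreak.
    key = (major, minor, patch, 0 if ms is not None else 1)
    return "affected" if key < (*FIXED[line], 1) else "fixed"


def _local(tag):
    """Strip the XML namespace; Tomcat 9 uses javaee, 10/11 use jakartaee."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if the servlet named 'default' sets init-param readonly=false.

    Tomcat's DefaultServlet treats a missing readonly param as true (PUT and
    DELETE rejected), so only an explicit 'false' is flagged.
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text for c in servlet if _local(c.tag) == "servlet-name"), None)
        if (name or "").strip() != "default":
            continue
        for ip in servlet:
            if _local(ip.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            if kv.get("param-name") == "readonly":
                return kv.get("param-value", "").lower() == "false"
    return False


def assess(version, web_xml_text, case_insensitive_fs=True):
    """Combine the advisory's preconditions into one verdict."""
    status = version_status(version)
    writable = default_servlet_writable(web_xml_text)
    exploitable = status in ("affected", "eol-affected") and writable and case_insensitive_fs
    return {"version": status, "default_servlet_writable": writable,
            "case_insensitive_fs": case_insensitive_fs, "exploitable": exploitable}


# Constructed sample: conf/web.xml with the non-default writable setting.
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""
# Hardened form: the same file with the default read-only setting restored.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>")

if __name__ == "__main__":
    for v in ("Apache Tomcat/9.0.97", "10.1.0-M1", "11.0.2", "8.5.100"):
        print(f"{v:>22}: {version_status(v)}")
    print(assess("9.0.97", VULNERABLE_WEB_XML))
    print(assess("9.0.97", HARDENED_WEB_XML))
```

Run it against the output of `ls lib/catalina.jar` version banners or a CMDB export and the real conf/web.xml of each instance; a verdict of exploitable means both advisory preconditions hold on a case-insensitive file system, and the readonly flip is the quickest stopgap while the upgrade is scheduled.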
Public PoC/Exploit Available at Github
CVE-2024-50379 has 46 public PoC/exploit repositories on GitHub. Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-50379.
URL | Resource |
---|---|
https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/12/17/4 | Mailing List |
http://www.openwall.com/lists/oss-security/2024/12/18/2 | Mailing List |
https://security.netapp.com/advisory/ntap-20250103-0003/ | Third Party Advisory |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to them. CVE-2024-50379 is associated with CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition), as recorded when the CVE was received (see the change history below).
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the weaknesses behind CVE-2024-50379. No CAPEC entries are listed on this page.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts published on GitHub (sorted by the most recently updated). Repository names are not shown; each entry gives the repository description and languages where available.
- (no description)
- Backup of the vulnerability database; we take over maintenance starting in March
- (no description)
- (no description)
- (no description)
- cve-2024-50379 (Python)
- CVE exploiting; topics: cve-2024, cve-2024-50379, cve-poc (Python)
- Automatic CVE PoC repository collector (Python)
- (no description)
- Guide to solving CTFs
- Smith: a security agent written in Scala 3.x (Scala, Shell)
- (no description) (HTML)
- (no description) (Python)
- wy876 (Python)
- (no description) (Python)
- (no description) (Dockerfile, JavaScript, Shell)
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2024-50379 vulnerability anywhere in the article.

-
Daily CyberSecurity
Patch Now: Apache Tomcat Fixes Session Fixation and ‘MadeYouReset’ Flaws
The Apache Tomcat Project has issued important updates addressing two significant vulnerabilities affecting multiple supported versions of the popular open-source application server. The flaws — CVE-2 ... Read more

-
BleepingComputer
Brute-force attacks target Apache Tomcat management panels
A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. Tomcat is a popular open-source web server widely used by l ... Read more

-
The Register
Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
Infosec in brief Apple has responded to the UK government's demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data Protection (ADP) end-to-end encryption s ... Read more

-
security.nl
Atlassian warns of critical Tomcat vulnerabilities in Confluence
Software company Atlassian warns of two critical vulnerabilities in Confluence Data Center and Server that make remote code execution possible. The impact of the two vulnerabilities (CVE-2024-50 ... Read more

-
TheCyberThrone
CVE-2025-24480 impacts Rockwell Automation
CVE-2025-24480 is a critical vulnerability that has been identified in FactoryTalk View Machine Edition, a widely used industrial automation software from Rockwell Automation. This vulnerability is pa ... Read more

-
TheCyberThrone
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – January 2025
Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending January 2025Subscribers favorite #1Exploit Code ... Read more

-
TheCyberThrone
CVE-2024-53299 impacts Apache Wicket
BackgroundCVE-2024-53299 is a significant security vulnerability identified in Apache Wicket, specifically impacting versions prior to 9.19.0 and 10.3.0. This vulnerability allows attackers to initiat ... Read more

-
TheCyberThrone
TheCyberThrone Security BiWeekly Review – January 25, 2025
Welcome to TheCyberThrone. Cybersecurity week in review will be posted covering the important security happenings. This review is for the bi-weekly ending on Saturday, January 25, 2025.CVE-2025-0411 i ... Read more

-
TheCyberThrone
CVE-2024-53691: PoC Exploit Code Release for QNAP Flaw
CVE-2024-53691 is a severe remote code execution (RCE) vulnerability discovered in QNAP NAS devices. Recently, security researcher c411e released a Proof-of-Concept (PoC) exploit code, underscoring th ... Read more

-
TheCyberThrone
CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw
Background:CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks’ Expedition Tool, version 1.2.101 and earlier. Recently, security researchers released a Proo ... Read more

-
TheCyberThrone
CVE-2024-44243: macOS SIP Bypass Flaw
CVE-2024-44243 is a critical vulnerability discovered in macOS that allows attackers to bypass Apple’s System Integrity Protection (SIP) by exploiting third-party kernel extensions. This vulnerability ... Read more

-
TheCyberThrone
CISA adds Fortinet flaw CVE-2024-55591 to KEV Catalog
CVE-2024-55591 is a critical vulnerability affecting Fortinet’s FortiOS and FortiProxy devices. This vulnerability allows a remote attacker to bypass authentication mechanisms and gain super-admin pri ... Read more

-
TheCyberThrone
CVE-2024-5594 impacts OpenVPN
CVE-2024-5594 is a critical vulnerability identified in OpenVPN versions prior to 2.6.11. This vulnerability stems from improper sanitization of PUSH_REPLY messages, which allows attackers to inject u ... Read more

-
TheCyberThrone
CVE-2024-53704 impacts SonicWall
CVE-2024-53704 is a high-severity vulnerability impacting SonicWall’s SSLVPN authentication mechanism. This flaw, with a CVSS score of 8.2, allows remote attackers to bypass authentication and gain un ... Read more

-
TheCyberThrone
CISA KEV UPDATE Part I – January 2025
The US CISA has added 3 vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on the evidence of active exploitation.CVE-2024-41713: Mitel MiCollab Path Traversal VulnerabilityDe ... Read more

-
TheCyberThrone
TheCyberThrone Security Biweekly Review – December 28, 2024
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the biweekly ending Saturday, December 28, 2024.Indian users are ta ... Read more

-
TheCyberThrone
CVE-2024-45387 Critical Bug in Apache Traffic Control
CVE-2024-45387 represents a significant security concern within the Traffic Ops component of Apache Traffic Control, specifically impacting versionsThe heart of this vulnerability is an SQL injection ... Read more

-
TheCyberThrone
Microsoft Patch Tuesday Year 2024 Analysis
In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

-
TheCyberThrone
Zeroday Vulnerabilities Prevailed in 2024 Analysis-Part II
This is the continuation of Zeroday vulnerabilities in 2024. Let’s delve deeply into the continuation of zero-day vulnerabilities of 2024, providing a comprehensive analysis.1. CVE-2023-46805: Authen ... Read more

-
TheCyberThrone
CISA adds Acclaim Flaw CVE-2021-44207 to KEV Catalog
The US CISA has added new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitationCVE-2021-44207: Acclaim Systems USAHERDS Use of Hard-Coded Credentials V ... Read more
The following table lists the changes that have been made to the CVE-2024-50379 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by [email protected], Aug. 08, 2025
  Action: Changed Description.
  Old value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Older EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  New value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
- CVE Modified by [email protected], Aug. 08, 2025
  Action: Changed Description.
  Old value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  New value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Older EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
- CVE Modified by [email protected], Aug. 07, 2025
  Action: Changed Description.
  Old value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
  New value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
- Initial Analysis by [email protected], Jul. 01, 2025
  Added CPE Configuration (OR):
    cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 10.1.0 up to (excluding) 10.1.34
    cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (excluding) 11.0.2
    cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.0 up to (excluding) 9.0.98
  Added CPE Configuration (AND of ORs):
    cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
  Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2024/12/17/4, types: Mailing List
  Added Reference Type (CVE): http://www.openwall.com/lists/oss-security/2024/12/18/2, types: Mailing List
  Added Reference Type (Apache Software Foundation): https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r, types: Mailing List, Vendor Advisory
  Added Reference Type (CVE): https://security.netapp.com/advisory/ntap-20250103-0003/, types: Third Party Advisory
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Jan. 03, 2025
  Added Reference: https://security.netapp.com/advisory/ntap-20250103-0003/
- CVE Modified by [email protected], Dec. 19, 2024
  Action: Changed Description (corrects the fixed 9.0.x version from the mistyped "9.0.08" to "9.0.98").
  Old value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.
  New value: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Dec. 18, 2024
  Added Reference: http://www.openwall.com/lists/oss-security/2024/12/18/2
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Dec. 17, 2024
  Added Reference: http://www.openwall.com/lists/oss-security/2024/12/17/4
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Dec. 17, 2024
  Added CVSS V3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- New CVE Received by [email protected], Dec. 17, 2024
  Added Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.
  Added CWE: CWE-367
  Added Reference: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r