CVE-2024-50379 — Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
Severity
9.8CRITICALNVD
EPSS
86.5%
top 0.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 17
Latest updateAug 20
Description
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions m…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
5OSV▶
CVE-2024-50379: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file system↗2024-12-17
🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition during JSP Compilation (CVE-2024-50379)↗2025-01-27
📋Vendor Advisories
4💬Community
1HackerOne
▶