CVE-2024-56337

Published Dec 20, 2024

Last updated 5 days ago

Overview

Description
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The mitigation for CVE-2024-50379 was incomplete.

Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:

- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
Source
security@apache.org
NVD status
Received
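
The per-Java-version rule from the description, written as a configuration audit that takes the Java version string, the JVM arguments and the web.xml content as input. This is an added example, not code from Apache Tomcat or from this page; the function names, the constructed web.xml fragment, and the conservative handling of Java releases the advisory does not list are assumptions.

```python
import re
import xml.etree.ElementTree as ET
PROP = "sun.io.useCanonCaches"

def java_major(version):
    """Feature release from a java.version string: '1.8.0_392' -> 8, '21' -> 21."""
    parts = re.split(r"[._+-]", version.strip())
    return int(parts[1]) if parts[0] == "1" else int(parts[0])

def canon_caches_flag(jvm_args):
    """Value of -Dsun.io.useCanonCaches=... (last one wins), or None if absent."""
    hits = [a.split("=", 1)[1].strip().lower() for a in jvm_args
            if a.startswith("-D" + PROP + "=")]
    return hits[-1] if hits else None

def default_servlet_writable(web_xml):
    """True if a DefaultServlet declaration sets init-param readonly=false."""
    for servlet in ET.fromstring(web_xml).findall(".//{*}servlet"):
        if not servlet.findtext("{*}servlet-class", "").strip().endswith("DefaultServlet"):
            continue
        for ip in servlet.findall("{*}init-param"):
            name = ip.findtext("{*}param-name", "").strip()
            value = ip.findtext("{*}param-value", "").strip().lower()
            if name == "readonly" and value == "false":
                return True
    return False

def needs_action(version, jvm_args, web_xml, case_insensitive_fs):
    """Apply the advisory's per-Java rule; returns (action_needed, rule)."""
    if not (case_insensitive_fs and default_servlet_writable(web_xml)):
        return False, "preconditions not met"
    major, flag = java_major(version), canon_caches_flag(jvm_args)
    if major >= 21:
        return False, "property and cache removed"
    if major >= 17:  # 18-20 bucketed with 17: an assumption, not in the advisory
        return flag not in (None, "false"), "if set, must be false"
    # 8 and 11 per the advisory; other pre-17 releases treated alike (assumption)
    return flag != "false", "must be explicitly set to false"

# Constructed sample: conf/web.xml fragment with default servlet writes enabled.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    print(needs_action("1.8.0_392", [], SAMPLE_WEB_XML, True))
```

The audit covers only the JVM-side condition; it does not model the startup checks that Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards perform themselves.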

Weaknesses

security@apache.org
CWE-367

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

22

  1. A flaw in the Apache Tomcat update intended to fix a previous vulnerability has introduced another significant security issue, leaving organizations exposed to RCE attacks. CVSS: 9.8 ⚠️ Critical CVE-2024-50379/CVE-2024-56337 Both vulnerabilities exploit a race condition in… h

    @cytexsmb

    24 Dec 2024

    340 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    1 Quote

  2. #Vulnerability #CVE202450379 CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability https://t.co/5Uw109ngsh

    @Komodosec

    24 Dec 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical Apache Tomcat RCE Flaw CVE-2024-56337 #cybersecurity #breakingnews #news #trending #latest https://t.co/DfPcBcTbnT

    @cyashadotcom

    24 Dec 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical vulnerability in Apache Tomcat (CVE-2024-56337) allows remote code execution on case-insensitive file systems. Update to patched versions and adjust your Java configuration accordingly. Stay secure! https://t.co/hZCY5JayvQ

    @IntrusionZ3r0

    24 Dec 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Patch the critical vulnerability CVE-2024-56337 in Apache Tomcat immediately! https://t.co/UhRHMRIx9A

    @vulnerbyte

    24 Dec 2024

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Vulnerabilities CVE-2024-56337 and CVE-2024-50379 require urgent updates to protect against remote code execution. 🔧 Check versions and customize Java! More information 👉 https://t.co/1zjrkiUM4r #VPNUnlimited #CyberSecurity https://t.co/a4HvKtGn1K

    @vpnunlimited

    24 Dec 2024

    242 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 New Vulnerabilities 🚨 Critical Apache Tomcat RCE Alert: CVE-2024-56337 Read More: https://t.co/2VmwLmfVlG https://t.co/XJoZuN5M77

    @cyberlearnorg

    24 Dec 2024

    52 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #ITSecurity #Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/WtcaMpSLwB via @TheHackersNews

    @GAILLOTPatrice

    24 Dec 2024

    58 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

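  9. The Apache Tomcat vulnerability CVE-2024-56337 has been published, revealing a risk of remote code execution (RCE). Specific Tomcat versions (9.0 to 11.0.1) are affected, and file writing in the default configuration can be abused. Java configuration adjustments and an update are required. https://t.co/bPI3mufQ4Q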

    @01ra66it

    24 Dec 2024

    250 Impressions

    0 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-56337 alert 🚨 Apache Tomcat: Remote code execution The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec #Apache https://t.co/TKbxYzu2ZI

    @Patrowl_io

    24 Dec 2024

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #tomcat Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Dec 24, 2024 https://t.co/ZmSUa6vzDA

    @TeamDreier

    24 Dec 2024

    107 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical RCE vulnerability in Apache Tomcat fixed: CVE-2024-56337 | Codebook https://t.co/swsdHQeSuc #izumino_trend

    @sec_trend

    24 Dec 2024

    84 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-56337: Critical Remote Code Execution (RCE) Vulnerability in Apache Tomcat https://t.co/b1oHAW89hF

    @cyberwebeyeos

    24 Dec 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. #Apache #Tomcat Vulnerability #CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/zRgWlgAX4U

    @ScyScan

    24 Dec 2024

    71 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/fDHxSzM3LM https://t.co/SPxmiMAULT

    @talentxfactor

    24 Dec 2024

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Learn More ➥ https://t.co/ZbRgbDrmYq #cybersecurity #hacking #cyberattack #technews

    @allhackernews_

    24 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Read More: https://t.co/WrG61iQyCx #Apache #Servers https://t.co/IU4bDuA3sh

    @techpio_team

    24 Dec 2024

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. APACHE TOMCAT VULNERABILITY CVE-2024-56337 EXPOSES SERVERS TO RCE ATTACKS https://t.co/tAtpqhuaZR #SamirNews #vulnerabilidade #do #apache #tomcat #cve202456337 #expõe #servidores #a #ataques #rce

    @CanalFs0ciety

    24 Dec 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks. The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that... https://t.co/lfeTiiki9M #InceptusSecure #UnderOurProtection

    @Inceptus3

    24 Dec 2024

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/wpcdpQ19Ts

    @Dinosn

    24 Dec 2024

    4001 Impressions

    11 Retweets

    72 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  21. The Hacker News - Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/v12WWujbjN

    @buzz_sec

    24 Dec 2024

    54 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/8l0jqwyRdN

    @DemolisherDigi

    24 Dec 2024

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. #ln -s: RSS: Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/mETHbRIcTK

    @cpardue09

    24 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. [TheHackersNews] Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks. The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in... https://t.co/VVSSK5bbVa

    @shah_sheikh

    24 Dec 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/18RdliYRZW

    @molari999

    24 Dec 2024

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/JQdML95J2T

    @TheCyberSecHub

    24 Dec 2024

    1152 Impressions

    5 Retweets

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  27. ⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk. » Affected Versions: Tomcat 9.0.0-M1 to 11.0.1 » Severity? 9.8 on CVSS Details👉https://t.co/PEzrwTmRiQ

    @TheHackersNews

    24 Dec 2024

    50928 Impressions

    56 Retweets

    127 Likes

    42 Bookmarks

    2 Replies

    2 Quotes

  28. Threat Alert: Apache fixes remote code execution bypass in Tomcat web server - #CVE-2024-56337 CVE-2024-56337 CVE-2024-50379 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/FGpkg1Azj3 #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    24 Dec 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🔨 Critical RCE vulnerability in Apache Tomcat fixed: CVE-2024-56337 ⚠️ Adobe warns of a critical vulnerability in ColdFusion, PoC also exists: CVE-2024-53961 ~Cyber Alert, December 24~ https://t.co/t4vCGSKMQl #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    24 Dec 2024

    146 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2024-56337 (Remote Code Execution) 🔥 https://t.co/UVF7o1NgRg

    @IntrusionZ3r0

    23 Dec 2024

    52 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 A critical security update for Apache Tomcat addresses CVE-2024-56337, a remote code execution vulnerability affecting multiple versions. Users with case-insensitive file systems are at risk. #TomcatRCE #ApacheUpdate #CyberThreats #CybersecurityNews … https://t.co/FdDamiJ9yL

    @TweetThreatNews

    23 Dec 2024

    63 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Top 5 Trending CVEs: 1 - CVE-2024-9121 2 - CVE-2022-20201 3 - CVE-2024-56337 4 - CVE-2024-49775 5 - CVE-2024-8534 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    23 Dec 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🚨 Critical Security Alert: Apache Tomcat RCE Vulnerability (CVE-2024-56337) The Apache Software Foundation has released a patch for a severe RCE flaw affecting versions 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97. 🔍 Key Details: Exploited via… https://t

    @GHak2learn27752

    23 Dec 2024

    149 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability https://t.co/R2gQqyiQDw

    @Dinosn

    23 Dec 2024

    3235 Impressions

    14 Retweets

    59 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

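  35. The Apache Tomcat vulnerability CVE-2024-56337 has been discovered, carrying a risk of remote code execution (RCE). Multiple Tomcat versions are affected, in particular environments where the default servlet's write functionality is enabled. https://t.co/6xoAkh9Q0J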

    @01ra66it

    23 Dec 2024

    285 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  36. 🚨🚨CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability ⚠️Attackers could exploit this flaw on case-insensitive file systems where Tomcat’s default servlet has write functionality enabled. Search for Apache Tomcat application. ZoomEye Dork👉app="Apache Tomcat" 894k+

    @zoomeye_team

    23 Dec 2024

    607 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

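  37. Critical remote code execution vulnerability in Apache Tomcat. CVE-2024-56337 results from the fix for CVE-2024-50379 being incomplete. On a case-insensitive file system where the default servlet is write enabled, uploading a malicious JSP is possible. https://t.co/ioccWwVHZn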

    @__kokumoto

    23 Dec 2024

    2469 Impressions

    3 Retweets

    22 Likes

    6 Bookmarks

    1 Reply

    1 Quote

  38. 🗣 CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability https://t.co/FA65GvDiQr

    @fridaysecurity

    23 Dec 2024

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability Find out about the critical CVE-2024-56337 vulnerability in #Apache #Tomcat. Learn how to mitigate the risk and protect your system https://t.co/aKDatirfi1

    @the_yellow_fall

    23 Dec 2024

    335 Impressions

    2 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  40. If you run it in your environment, upgrade / Apache Tomcat vulnerability (Important: CVE-2024-56337) - SIOS SECURITY BLOG https://t.co/69JRP1skor #bookmark

    @igaos

    23 Dec 2024

    96 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. An IT-related site article has been updated! Read the article here ⇒ Apache Tomcat vulnerability (Important: CVE-2024-56337) https://t.co/XHVPLkIRkd

    @itit7777

    22 Dec 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. The SIOS security blog has been updated. Apache Tomcat vulnerability (Important: CVE-2024-56337) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache https://t.co/mRhn2hXFUr

    @omokazuki

    22 Dec 2024

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Apache Tomcat CVE-2024-56337: A Serious High-Risk RCE Has Been Discovered - https://t.co/U4ipDSaeGc

    @Cysafenews

    21 Dec 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Apache Tomcat CVE-2024-56337: A Serious High-Risk RCE Has Been Discovered https://t.co/DSYviDS2ta #redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy #engineering #intelligence https://t.co/652

    @redhotcyber

    21 Dec 2024

    148 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  45. CVE-2024-56337 TOCTOU Race Condition Vulnerability in Apache Tomcat Versions 상세 11.0.1 A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability is in Apache Tomcat. It affects Apache Tomcat versions from... https://t.co/p1uTqk7I9R

    @VulmonFeeds

    20 Dec 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. CVE-2024-56337 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 thr… https://t.co/wfscSpTNTx

    @CVEnew

    20 Dec 2024

    341 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes