- Description
- Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:
  - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
  - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
  - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

  Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
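
The configuration rules in the description can be turned into an audit check. The following is an added example, not code from Apache Tomcat or from this advisory: the function names and the sample `web.xml` are hypothetical and constructed, the caller states whether the file system is case insensitive, and Java releases the description does not list (below 17) are conservatively treated like Java 8 and 11.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def _local(tag):
    return tag.rsplit("}", 1)[-1]          # drop any XML namespace prefix

def default_servlet_writable(web_xml):
    """True if a DefaultServlet declaration sets readonly to anything but true."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        classes = [(c.text or "").strip() for c in servlet if _local(c.tag) == "servlet-class"]
        if DEFAULT_SERVLET not in classes:
            continue
        for param in (c for c in servlet if _local(c.tag) == "init-param"):
            kv = {_local(e.tag): (e.text or "").strip() for e in param}
            # Conservative assumption: only an explicit "true" counts as read-only.
            if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() != "true":
                return True
    return False

def java_major(version):
    """'1.8.0_392' -> 8, '11.0.21' -> 11, '17.0.9+9' -> 17."""
    parts = re.split(r"[._+-]", version)
    return int(parts[1]) if parts[0] == "1" else int(parts[0])

def canon_caches_setting(jvm_opts):
    """Last -Dsun.io.useCanonCaches=... value on the JVM command line, or None."""
    found = re.findall(r"-Dsun\.io\.useCanonCaches=(\S+)", jvm_opts)
    return found[-1].lower() if found else None

def finding(java_version, jvm_opts, web_xml, case_insensitive_fs):
    """Return a remediation string, or None when no further configuration is needed."""
    if not (case_insensitive_fs and default_servlet_writable(web_xml)):
        return None
    major, setting = java_major(java_version), canon_caches_setting(jvm_opts)
    if major >= 21 or setting == "false" or (major >= 17 and setting is None):
        return None        # cache removed, explicitly disabled, or defaulting to false
    # Java 8/11 (and, conservatively, any release below 17 the advisory does not list)
    return f"Java {major}: set -Dsun.io.useCanonCaches=false (currently {setting or 'unset'})"

# Constructed sample input, not taken from a real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
```

The check covers only the JVM property and the servlet configuration; the Tomcat version itself still has to be compared against the affected ranges listed in the description.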
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@apache.org
- CWE-367
- Hype score
- Not currently trending
https://t.co/OorcoOiZRo Atlassian Confluence CVE-2024-50379 org.apache.tomcat:tomcat-catalina Confluence Data Center & Server 9.8 CVE-2024-56337 RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center & Server 9.8 #infosec
@collysucker
18 Feb 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE https://t.co/ASvik44TLH
@chensihai
20 Jan 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2024-56337: Critical Vulnerability in Apache Tomcat 🚨 🛑 Urgency Level: High 📉 Criticality: Critical 🌐 Potential Impact: Apache Tomcat, widely used for Java applications, is crucial in sectors such as finance. https://t.co/0b8EKv8QJa
@BanCERT_gt
15 Jan 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2024-50379/CVE-2024-56337: RCE Vulnerability Due to TOCTOU in Apache Tomcat https://t.co/O32m02RHjn hello. Today's one-line issue is CVE-2024-50379/CVE-2024-56337, a race condition vulnerability that occurred in Apache Tomcat. This is a vulnerability that can… h
@hackyboiz
5 Jan 2025
2131 Impressions
11 Retweets
44 Likes
12 Bookmarks
0 Replies
0 Quotes
Still on the flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk. » Affected Versions: Tomcat 9.0.0-M1 to 11.0.1 » Severity? 9.8 on CVSS (MFkers 9.8!)
@byt3n33dl3
1 Jan 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New PoC: Apache Tomcat file upload vuln! CVE: CVE-2024-50379/CVE-2024-56337 Risk: High Impact: Remote code execution TTPs: T1190 (Exploit Public-Facing App) Details & PoC: https://t.co/QUBS9nw37Z #infosec #cyber #security
@gothburz
30 Dec 2024
62 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache fixes remote code execution bypass in Tomcat web server The vulnerability fixed in the new release is tracked as CVE-2024-56337 and addresses an incomplete mitigation for CVE-2024-50379, a critical remote code execution (RCE), for which the vendor released an incomplete… h
@johndjohnson
29 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security update: Unimus is NOT affected by CVE-2024-56337 / CVE-2024-50379. More info below... https://t.co/TVff6ph4m0
@UnimusNet
27 Dec 2024
79 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache fixes remote code execution bypass in Tomcat web server (CVE-2024-56337) via @BleepinComputer #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/uyn7qzd8eC
@proficioinc
26 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new vulnerability with the identifier CVE-2024-56337, of type RCE, has been published for apache Tomcat. Versions 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33 and 9.0.0.M1 to 9.0.97 have this vulnerability. https://t.co/Poz3aKYxT1 https://t.co/mVk0xEdyoy
@AmirHossein_sec
26 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Tomcat CVE-2024-50379/CVE-2024-56337 PoC https://t.co/dpTzwaRYzw
@Dinosn
26 Dec 2024
4885 Impressions
19 Retweets
92 Likes
34 Bookmarks
0 Replies
0 Quotes
Analysis of Tomcat CVE-2024-50379 / CVE-2024-56337 Conditional Competition Vulnerability https://t.co/HgGH9Gbt32
@Dinosn
25 Dec 2024
3411 Impressions
1 Retweet
20 Likes
9 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-53961 2 - CVE-2024-30085 3 - CVE-2024-56375 4 - CVE-2024-30088 5 - CVE-2024-56337 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Dec 2024
128 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk. An uploaded file could turn into malicious JSP code—resulting in remote code execution. » Affected Versions: Tomcat 9.0.0-M1 to 11.0.1 » Java users: Incorrect… https://t.co
@Cyberwald_talks
24 Dec 2024
34 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cybersecurity #Apache #Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/adCjGlKWfN
@jos1727
24 Dec 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A flaw in the Apache Tomcat update intended to fix a previous vulnerability has introduced another significant security issue, leaving organizations exposed to RCE attacks. CVSS: 9.8 ⚠️ Critical CVE-2024-50379/CVE-2024-56337 Both vulnerabilities exploit a race condition in… h
@cytexsmb
24 Dec 2024
550 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
1 Quote
#Vulnerability #CVE202450379 CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability https://t.co/5Uw109ngsh
@Komodosec
24 Dec 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat bug CVE-2024-56337 has a CVSS of 9.8 and exposes servers to RCE attacks. It's the second critical flaw in the same product announced in the past week. Contact your Waratek rep to learn more about how we block and remediate these CVEs. https://t.co/XZEONtgVBK https:/
@waratek
24 Dec 2024
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical Apache Tomcat RCE Flaw CVE-2024-56337 #cybersecurity #breakingnews #news #trending #latest https://t.co/DfPcBcTbnT
@cyashadotcom
24 Dec 2024
41 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️CVE-2024-50379/CVE-2024-56337 : Apache Tomcat Patches Critical RCE Vulnerability 🔥Exploit : https://t.co/Qu5xKgVb55 👇Dorks: HUNTER :/product.name="Apache Tomcat" FOFA : product="Apache-Tomcat" SHODAN : product:"Apache-Tomcat" #ApacheTomcat #hunterhow #infosec #infosecurity
@wtf_brut
24 Dec 2024
2567 Impressions
13 Retweets
66 Likes
44 Bookmarks
1 Reply
0 Quotes
A critical vulnerability in Apache Tomcat (CVE-2024-56337) allows remote code execution on case-insensitive file systems. Update to patched versions and adjust your Java configuration accordingly. Stay secure! https://t.co/hZCY5JayvQ
@IntrusionZ3r0
24 Dec 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch the critical vulnerability CVE-2024-56337 in Apache Tomcat immediately! https://t.co/UhRHMRIx9A
@vulnerbyte
24 Dec 2024
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilities CVE-2024-56337 and CVE-2024-50379 require urgent updates to protect against remote code execution. 🔧 Check versions and customize Java! More information 👉 https://t.co/1zjrkiUM4r #VPNUnlimited #CyberSecurity https://t.co/a4HvKtGn1K
@vpnunlimited
24 Dec 2024
248 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Vulnerabilities 🚨 Critical Apache Tomcat RCE Alert: CVE-2024-56337 Read More: https://t.co/2VmwLmfVlG https://t.co/XJoZuN5M77
@cyberlearnorg
24 Dec 2024
55 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity #Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/WtcaMpSLwB via @TheHackersNews
@GAILLOTPatrice
24 Dec 2024
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
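The Apache Tomcat vulnerability CVE-2024-56337 has been disclosed, revealing a risk of remote code execution (RCE). Specific versions of Tomcat (9.0 to 11.0.1) are affected, and file writing under the default configuration can be abused. Java configuration adjustments and an update are required. https://t.co/bPI3mufQ4Q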
@01ra66it
24 Dec 2024
262 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2024-56337 alert 🚨 Apache Tomcat: Remote code execution The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec #Apache https://t.co/TKbxYzu2ZI
@Patrowl_io
24 Dec 2024
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#tomcat Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Dec 24, 2024 https://t.co/ZmSUa6vzDA
@TeamDreier
24 Dec 2024
107 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56337: Tomcat Users Face Continued RCE Risk https://t.co/p2YPRHUiwk
@the_yellow_fall
24 Dec 2024
500 Impressions
1 Retweet
9 Likes
2 Bookmarks
0 Replies
0 Quotes
Critical RCE vulnerability in Apache Tomcat fixed: CVE-2024-56337 | Codebook https://t.co/swsdHQeSuc #izumino_trend
@sec_trend
24 Dec 2024
84 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56337: Critical Remote Code Execution (RCE) Vulnerability in Apache Tomcat https://t.co/b1oHAW89hF
@cyberwebeyeos
24 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Apache #Tomcat Vulnerability #CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/zRgWlgAX4U
@ScyScan
24 Dec 2024
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/fDHxSzM3LM https://t.co/SPxmiMAULT
@talentxfactor
24 Dec 2024
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Learn More ➥ https://t.co/ZbRgbDrmYq #cybersecurity #hacking #cyberattack #technews
@allhackernews_
24 Dec 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks Read More: https://t.co/WrG61iQyCx #Apache #Servers https://t.co/IU4bDuA3sh
@techpio_team
24 Dec 2024
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
APACHE TOMCAT VULNERABILITY CVE-2024-56337 EXPOSES SERVERS TO RCE ATTACKS https://t.co/tAtpqhuaZR #SamirNews #vulnerabilidade #do #apache #tomcat #cve202456337 #expõe #servidores #a #ataques #rce
@CanalFs0ciety
24 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks. The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that... https://t.co/lfeTiiki9M #InceptusSecure #UnderOurProtection
@Inceptus3
24 Dec 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/wpcdpQ19Ts
@Dinosn
24 Dec 2024
4001 Impressions
11 Retweets
72 Likes
14 Bookmarks
0 Replies
0 Quotes
The Hacker News - Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/v12WWujbjN
@buzz_sec
24 Dec 2024
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/8l0jqwyRdN
@DemolisherDigi
24 Dec 2024
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#ln -s: RSS: Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/mETHbRIcTK
@cpardue09
24 Dec 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[TheHackersNews] Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks. The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in... https://t.co/VVSSK5bbVa
@shah_sheikh
24 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/18RdliYRZW
@molari999
24 Dec 2024
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks https://t.co/JQdML95J2T
@TheCyberSecHub
24 Dec 2024
1152 Impressions
5 Retweets
5 Likes
2 Bookmarks
1 Reply
0 Quotes
⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk. » Affected Versions: Tomcat 9.0.0-M1 to 11.0.1 » Severity? 9.8 on CVSS Details👉https://t.co/PEzrwTmRiQ
@TheHackersNews
24 Dec 2024
50928 Impressions
56 Retweets
127 Likes
42 Bookmarks
2 Replies
2 Quotes
Threat Alert: Apache fixes remote code execution bypass in Tomcat web server - #CVE-2024-56337 CVE-2024-56337 CVE-2024-50379 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/FGpkg1Azj3 #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
24 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔨Critical RCE vulnerability in Apache Tomcat fixed: CVE-2024-56337 ⚠️Adobe warns of a critical vulnerability in ColdFusion, PoC also exists: CVE-2024-53961 ~Cyber Alert, December 24~ https://t.co/t4vCGSKMQl #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
24 Dec 2024
146 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56337 (Remote Code Execution) 🔥 https://t.co/UVF7o1NgRg
@IntrusionZ3r0
23 Dec 2024
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical security update for Apache Tomcat addresses CVE-2024-56337, a remote code execution vulnerability affecting multiple versions. Users with case-insensitive file systems are at risk. #TomcatRCE #ApacheUpdate #CyberThreats #CybersecurityNews … https://t.co/FdDamiJ9yL
@TweetThreatNews
23 Dec 2024
63 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-9121 2 - CVE-2022-20201 3 - CVE-2024-56337 4 - CVE-2024-49775 5 - CVE-2024-8534 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
23 Dec 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes