CVERadar

CVE-2024-50379

Severity: Critical
SVRS: 74/100
CVSSv3: NA/10
EPSS: 0.92056/1

CVE-2024-50379 is an Apache Tomcat TOCTOU race condition vulnerability that allows potential Remote Code Execution (RCE) on case-insensitive file systems. The flaw exists during JSP compilation when the default servlet is enabled for write access, a non-default setting. It affects Apache Tomcat versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. SOCRadar's Vulnerability Risk Score (SVRS) of 74 is below the critical threshold of 80, but the flaw still represents a significant risk because active exploits exist and RCE is possible. Users are advised to upgrade to versions 11.0.2, 10.1.34, or 9.0.98 to mitigate this security risk and prevent potential compromise of systems.

Tags: In The Wild, Exploit Available, Vendor-advisory
2025-03-20
2024-12-17
SOCRadar AI Insight

Description

CVE-2024-50379 is a critical Remote Code Execution (RCE) vulnerability stemming from a Time-of-check Time-of-use (TOCTOU) race condition during JSP compilation in Apache Tomcat. It is exploitable only when the default servlet is enabled for write access, a non-default configuration, and affects Apache Tomcat versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. The SVRS score for this vulnerability is 74, indicating a high-severity threat requiring immediate attention.

Key Insights

  • High-Severity RCE: This vulnerability allows an attacker to execute arbitrary code on a vulnerable system, enabling complete compromise of the affected server.
  • Exploit Availability: Active exploits are publicly available, meaning attackers can easily exploit the vulnerability.
  • Wide Impact: The vulnerability affects a wide range of Apache Tomcat versions commonly deployed in web applications, increasing its potential for exploitation.
  • Case-Insensitive File Systems: The exploit hinges on case-insensitive file systems, a common configuration in certain operating systems.

Mitigation Strategies

  • Upgrade Apache Tomcat: Prioritize upgrading to the latest version (11.0.2, 10.1.34 or 9.0.98) to patch the vulnerability.
  • Disable Default Servlet for Write Access: If upgrading is not immediately possible, disable write access for the default servlet. This mitigates the RCE vulnerability by preventing attackers from exploiting the TOCTOU race condition.
  • Implement WAF/IDS: Consider deploying a web application firewall (WAF) or intrusion detection system (IDS) to monitor and block potential malicious requests targeting the vulnerable components.
  • Network Segmentation: Isolate the vulnerable servers from critical network resources to limit the impact of potential exploitation.
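As an added, defender-side example that is not part of this CVE Radar entry: a small Python check that parses a Tomcat conf/web.xml (a constructed sample is embedded, shown in both its weakened and hardened form) and reports whether the DefaultServlet has been given write access, the non-default readonly=false setting that the second mitigation above tells you to turn off. The function and constant names are my own.

```python
import xml.etree.ElementTree as ET

# Tomcat's DefaultServlet; its "readonly" init-param defaults to true.
DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def default_servlet_writable(web_xml: str) -> bool:
    """Return True when the DefaultServlet in this web.xml has write access
    enabled (init-param readonly=false), the non-default setting the
    CVE-2024-50379 race condition needs. An absent param means read-only."""
    root = ET.fromstring(web_xml)
    # conf/web.xml carries a Java/Jakarta EE namespace; strip it so tags
    # match regardless of which Tomcat major version wrote the file.
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    for servlet in root.iter("servlet"):
        cls = (servlet.findtext("servlet-class") or "").strip()
        if cls != DEFAULT_SERVLET_CLASS:
            continue
        for param in servlet.iter("init-param"):
            name = (param.findtext("param-name") or "").strip()
            value = (param.findtext("param-value") or "").strip().lower()
            if name == "readonly":
                return value == "false"
        return False  # DefaultServlet declared without readonly: read-only
    return False  # no DefaultServlet declared at all


# Constructed sample of a weakened conf/web.xml (not from any real host).
WRITABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# The hardened form the mitigation list calls for: write access disabled.
HARDENED_WEB_XML = WRITABLE_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>")

if __name__ == "__main__":
    for label, xml in (("weak", WRITABLE_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        state = "WRITABLE (at risk)" if default_servlet_writable(xml) else "read-only"
        print(f"{label}: DefaultServlet is {state}")
```

Run it against each Tomcat instance's conf/web.xml (and any per-application WEB-INF/web.xml that redeclares the default servlet); a writable result on an unpatched version is the condition this advisory describes.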

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
iSee857/CVE-2024-50379-PoC | https://github.com/iSee857/CVE-2024-50379-PoC | 2024-12-20
v3153/CVE-2024-50379-POC | https://github.com/v3153/CVE-2024-50379-POC | 2024-12-18
yiliufeng168/CVE-2024-50379-POC | https://github.com/yiliufeng168/CVE-2024-50379-POC | 2024-12-19
dragonked2/CVE-2024-50379-POC | https://github.com/dragonked2/CVE-2024-50379-POC | 2024-12-25
pwnosec/CVE-2024-50379 | https://github.com/pwnosec/CVE-2024-50379 | 2025-01-23
ph0ebus/Tomcat-CVE-2024-50379-Poc | https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc | 2024-12-21

News

Mend and CVSS 3.0 vs. CVSS 4.0
/u/Khue, 2025-04-07, reddit.com
Hey all, I am new to DevSecOps and I am wrapping my brain around CVSS and processes relating to code development (I formerly used to simply manage infrastructure and operating system vulnerabilities). I am currently leveraging Mend to do code vulnerability scanning and the platform gives you the opportunity to select CVSS 3.0 or CVSS 4.0. Based on what I've read, in order to stay ahead of the industry and because we are starting

1.834
2025-04-03, fortiguard.com
Newly Added (4): Apache Tomcat CVE-2024-56337 Vulnerability; Apache Tomcat CVE-2024-52316 Vulnerability; Apache Tomcat CVE-2024-50379 Vulnerability; Security Vulnerabilities fixed in Zoom Desktop Client 6.3.0

Apache Tomcat Vulnerability Exposes Servers to RCE Attacks
Kaaviya, 2025-03-11, cybersecuritynews.com
A critical security vulnerability in Apache Tomcat (CVE-2025-24813) has exposed servers to remote code execution (RCE), information disclosure, and data corruption risks. The flaw, rooted in improper handling of partial HTTP PUT requests, affects Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The Apache Software Foundation has issued patches (Tomcat 11.0.3, […]

CVE-2024-50379 | Apache Tomcat up to 9.0.97/10.1.33/11.0.1 JSP Compilation toctou (Nessus ID 213078)
vuldb.com, 2025-03-09
A vulnerability has been found in Apache Tomcat up to 9.0.97/10.1.33/11.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component JSP Compilation. The manipulation leads to time-of-check time-of-use. This vulnerability is known as CVE-2024-50379. The attack

FOCUS FRIDAY: Third-Party Risks From Critical Juniper Junos, Rsync, and SimpleHelp Vulnerabilities
Ferdi Gül, 2025-03-01, normshield.com
Written by: Ferdi Gül. Welcome to this week’s Focus Friday, where we dive into key vulnerabilities impacting widely used technologies. This installment highlights three significant incidents that pose unique challenges to third-party risk management (TPRM) teams. From Juniper Junos OS to Rsync and SimpleHelp, we explore how these vulnerabilities affect the security posture of vendors […]

FOCUS FRIDAY: TPRM Insights on FortiGate, QNAP, Mongoose, and W3 Total Cache Vulnerabilities with Black Kite’s FocusTags™
Ferdi Gül, 2025-03-01, normshield.com
Written by: Ferdi Gül. In today’s interconnected digital landscape, the rapid emergence of critical vulnerabilities demands an agile and informed approach to Third-Party Risk Management (TPRM). This week’s Focus Friday blog highlights high-profile incidents involving vulnerabilities in FortiGate firewalls, QNAP NAS systems, Mongoose, and the W3 Total Cache WordPress plugin. Each of these vulnerabilities poses […]

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Ajit Jasrotia, 2025-02-24, allhackernews.com
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing […]

Social Media

Explored CVE-2024-50379 vulnerability a tiny bit https://t.co/0xSt7KnQB1

@RealTryHackMe Tomcat: CVE-2024-50379: Explore and learn about the Tomcat CVE-2024-50379 vulnerability. https://t.co/7bWdEekrrj

NEW WALKTHROUGH: Tomcat: CVE-2024-50379 🐈 🔗 https://t.co/jDOikNQuV9 Explore and learn how to exploit the Tomcat CVE-2024-50379 vulnerability and how to detect such exploitation. 🔍 https://t.co/ODaYMlbVRG

csirt_it: ‼️ #Apache: A Proof of Concept (#PoC) for exploiting the CVE-2024-50379 vulnerability in #Tomcat is available online. Risk: 🔴 ⚠️ Where not already done, prompt updating of the affected software is recommended https://t.co/BRQZXSutxF

GitHub - ph0ebus/Tomcat-CVE-2024-50379-Poc: RCE through a race condition in Apache Tomcat https://t.co/03dFZEmDsm

CVE-2024-50379: Apache Tomcat Race Condition Vulnerability Leads to Remote Code Execution https://t.co/d7iUK9dNii

CVE-2024-50379: Apache Tomcat Race Condition Vulnerability Leads to Remote Code Execution https://t.co/pyoWs8VOV5

🚨 New Writeup Alert! 🚨 "CVE-2024-50379: Apache Tomcat Race Condition Vulnerability Leads to Remote Code Execution" by Bash Overflow is now live on IW! Check it out here: https://t.co/QIpIAIypNJ #apachevulnerability #cve202450379 #raceconditionexploit #bugbounty

⚠️ New CVE Real-World Alert: Apache Tomcat RCE Exploitation Detected CVE-2024-50379 allows RCE on Tomcat servers via a race condition, enabling easy exploitation. 🛡️ CVE: CVE-2024-50379 🔹 CVSS Score: 9.8 🔢 Event ID: 312 💻 Role: Incident Responder 🌀 Difficulty: Hard https://t.co/ktu2CSE5tu

🚨 New CVEs in Tomcat (CVE-2024-50379 & CVE-2024-56337) could lead to RCE if exploited. TomEE users are also impacted. Read our detailed analysis to protect your systems: https://t.co/Z4nKH8tb0z #Tomcat #TomEE #Cybersecurity #CVEs

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/12/17/4
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/12/18/2
AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20250103-0003/

CWE Details

CWE ID | CWE Name | Description
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
