Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution
CVE-2024-50379
Key Information:
- Vendor: Apache
- Status: Vendor
- CVE Published: 17 December 2024
What is CVE-2024-50379?
CVE-2024-50379 is a serious security vulnerability found in Apache Tomcat, a widely used open-source application server that supports Java Servlet and JavaServer Pages (JSP) technologies. This vulnerability arises from a race condition during JSP compilation, which can allow an attacker to execute arbitrary code remotely, particularly on case-insensitive file systems where the default servlet is enabled for write operations. The potential for remote code execution greatly undermines the integrity and security of applications running on Apache Tomcat, jeopardizing sensitive data and enabling unauthorized control over server resources.
Technical Details
The vulnerability is a Time-of-check Time-of-use (TOCTOU) race condition: a condition is validated and then acted upon without the two steps being properly synchronized, so the state can change in between. In Apache Tomcat it affects versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. When the default servlet has write access, an attacker can exploit this race condition to gain elevated privileges, leading to remote execution of malicious code. Users are advised to upgrade to Apache Tomcat 11.0.2, 10.1.34, or 9.0.98 to address this vulnerability.
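The advisory names three conditions that have to coincide: an affected Tomcat version, a default servlet with write access, and a case-insensitive file system. The script below is an added example, not code from the page or from the Apache Tomcat project, that turns those conditions into an exposure check a defender can run against an inventory. It encodes the affected ranges and fix releases exactly as listed above, parses a conf/web.xml for the DefaultServlet `readonly` init-param, and reports whether to upgrade and/or restore the read-only default. Assumptions: the `readonly` parameter defaults to true and is parsed like Java's Boolean.parseBoolean (only the literal "true" keeps the servlet read-only); the web.xml fragment is a constructed sample.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges and fixed releases as listed in the advisory text above:
# (branch major.minor, first affected, last affected, fixed release).
AFFECTED_RANGES = [
    ("11.0", "11.0.0-M1", "11.0.1", "11.0.2"),
    ("10.1", "10.1.0-M1", "10.1.33", "10.1.34"),
    ("9.0", "9.0.0.M1", "9.0.97", "9.0.98"),
]

# Matches "9.0.97", "11.0.0-M1" and the older "9.0.0.M1" milestone spelling.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")


def version_key(version):
    """Sortable tuple (major, minor, patch, is_final, milestone).
    Milestones of a release sort before the final release with the same number."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def branch_entry(version):
    """AFFECTED_RANGES entry for the version's major.minor branch, or None if not listed."""
    key = version_key(version)
    for entry in AFFECTED_RANGES:
        if tuple(int(x) for x in entry[0].split(".")) == key[:2]:
            return entry
    return None


def is_affected_version(version):
    """True inside a listed affected range, False at or past the fix,
    None when the advisory does not cover that branch at all."""
    entry = branch_entry(version)
    if entry is None:
        return None
    _, first, last, _ = entry
    return version_key(first) <= version_key(version) <= version_key(last)


def _local(tag):
    # Strip the XML namespace ({uri}name -> name) so both the javaee and
    # jakartaee web.xml namespaces are handled.
    return tag.rsplit("}", 1)[-1]


def default_servlet_readonly(web_xml_text):
    """Effective 'readonly' setting of Tomcat's default servlet in conf/web.xml.
    Assumption: missing param means true; a present value is read like
    Java's Boolean.parseBoolean, so only "true" (any case) stays read-only."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if (fields.get("servlet-name") != "default"
                and fields.get("servlet-class") != "org.apache.catalina.servlets.DefaultServlet"):
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            p = {_local(c.tag): (c.text or "").strip() for c in param}
            if p.get("param-name") == "readonly":
                return p.get("param-value", "").lower() == "true"
        return True  # default servlet declared without a readonly param: Tomcat default
    return True  # no default servlet declared at all


def assess_exposure(version, web_xml_text, case_insensitive_fs):
    """Combine the three advisory conditions and say what to change."""
    affected = is_affected_version(version)
    writable = not default_servlet_readonly(web_xml_text)
    entry = branch_entry(version)
    return {
        "version_affected": affected,
        "default_servlet_writable": writable,
        "case_insensitive_fs": case_insensitive_fs,
        "exposed": bool(affected) and writable and case_insensitive_fs,
        "upgrade_to": entry[3] if affected else None,
        "set_readonly_true": writable,
    }


# Constructed sample: a trimmed conf/web.xml with the default servlet made writable.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for v in ("9.0.97", "9.0.98", "10.1.33", "11.0.0-M1", "8.5.100"):
        print(v, assess_exposure(v, SAMPLE_WEB_XML, case_insensitive_fs=True))
```

The result for 10.1.33 with the sample web.xml on a case-insensitive volume is exposed, with upgrade_to 10.1.34 and set_readonly_true; a branch the advisory does not list (e.g. 8.5.x) is reported as None rather than as safe, so it is not silently marked clean.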
Potential Impact of CVE-2024-50379
- Unauthorized Remote Code Execution: Attackers can potentially execute arbitrary code on affected servers, leading to complete system compromise.
- Data Breaches: With unauthorized access to server resources, sensitive data can be stolen, altered, or deleted, resulting in significant financial and reputational damage to affected organizations.
- Malware Deployment: Compromised servers can serve as a platform for deploying further malware, which can spread within an organization's network, potentially leading to broader security incidents, including ransomware attacks.
Affected Version(s)
- Apache Tomcat 11.0.0-M1 through 11.0.1 (inclusive)
- Apache Tomcat 10.1.0-M1 through 10.1.33 (inclusive)
- Apache Tomcat 9.0.0.M1 through 9.0.97 (inclusive)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
- Critical Tomcat flaw could expose your servers to attack: The Apache Software Foundation (ASF) has released a security update for its Tomcat server software, addressing a critical vulnerability identified as
- Apache Foundation fixed a severe Tomcat vulnerability: The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions.
- Apache fixes remote code execution bypass in Tomcat web server: Apache has released a security update that addresses an important vulnerability in the Tomcat web server that could lead to an attacker achieving remote code execution.
Timeline
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📰 First article discovered by BleepingComputer
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📈 Vulnerability started trending
- Vulnerability published