Executive Summary

Informations
Name CVE-2024-50379 First vendor Publication 2024-12-17
Vendor Cve Last vendor Modification 2025-01-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379

Sources (Detail)

http://www.openwall.com/lists/oss-security/2024/12/17/4
http://www.openwall.com/lists/oss-security/2024/12/18/2
https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
https://security.netapp.com/advisory/ntap-20250103-0003/
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2025-01-03 17:20:34
  • Multiple Updates
2024-12-19 21:20:29
  • Multiple Updates
2024-12-18 21:20:29
  • Multiple Updates
2024-12-17 21:20:29
  • Multiple Updates
2024-12-17 17:20:29
  • First insertion