REDHAT-BUG-2332817: Race Condition
First published: Tue Dec 17 2024(Updated: )
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tomcat | >=11.0.0-M1 | |
| Tomcat | >=10.1.0-M1 | |
| Tomcat | >=9.0.0.M1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2332817?
The severity of REDHAT-BUG-2332817 is critical due to the potential for remote code execution.
How do I fix REDHAT-BUG-2332817?
To fix REDHAT-BUG-2332817, you should upgrade Apache Tomcat to versions 11.0.2 or later, or apply the relevant patches.
Which versions of Apache Tomcat are affected by REDHAT-BUG-2332817?
Affected versions include Apache Tomcat from 11.0.0-M1 through 11.0.1, 10.1.0-M1, and 9.0.0.M1.
What type of vulnerability is REDHAT-BUG-2332817?
REDHAT-BUG-2332817 is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability.
Can REDHAT-BUG-2332817 lead to unauthorized access?
Yes, REDHAT-BUG-2332817 can lead to unauthorized access through remote code execution on vulnerable systems.
- agent/severity
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/source
- agent/references
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-50379
- vendor/apache
- canonical/tomcat