Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.08, which fixes the issue.

The version of Tomcat installed on the remote host is prior to 9.0.98. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.98_security-9 advisory.

  - If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of     false) for a case insensitive file system, concurrent read and upload under load of the same file can     bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to     remote code execution. (CVE-2024-50379)

  - Numerous examples in the examples web application did not place limits on uploaded data enabling an     OutOfMemoryError to be triggered causing a denial of service. (CVE-2024-54677)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.34. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.34_security-10 advisory.

  - If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of     false) for a case insensitive file system, concurrent read and upload under load of the same file can     bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to     remote code execution. (CVE-2024-50379)

  - Numerous examples in the examples web application did not place limits on uploaded data enabling an     OutOfMemoryError to be triggered causing a denial of service. (CVE-2024-54677)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.2_security-11 advisory.

  - If the default servlet is write enabled (readonly initialisation parameter set to the non-default value of     false) for a case insensitive file system, concurrent read and upload under load of the same file can     bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to     remote code execution. (CVE-2024-50379)

  - Numerous examples in the examples web application did not place limits on uploaded data enabling an     OutOfMemoryError to be triggered causing a denial of service. (CVE-2024-54677)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
213078	Apache Tomcat 9.0.0.M1 < 9.0.98 multiple vulnerabilities	Nessus	Web Servers	critical
213077	Apache Tomcat 10.1.0.M1 < 10.1.34 multiple vulnerabilities	Nessus	Web Servers	critical
213076	Apache Tomcat 11.0.0.M1 < 11.0.2 multiple vulnerabilities	Nessus	Web Servers	critical

Detections

Analytics

CVE-2024-50379

critical

Tenable Plugins

critical

critical

critical