RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

### #ApacheTomcatSecurity #RemoteCodeExecution #DenialOfServiceThreats

Summary: The Apache Software Foundation has issued critical security updates for Apache Tomcat to address two significant vulnerabilities, including one that could allow remote code execution. Users are urged to update their installations to mitigate potential risks.

Threat Actor: Unknown
Victim: Apache Tomcat Users

Key Points:

  • Vulnerability CVE-2024-50379 allows remote code execution if the default servlet is misconfigured.
  • CVE-2024-54677 poses a denial-of-service threat through excessive data uploads to the “examples” web application.
  • Affected versions include Apache Tomcat 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97.
  • Immediate updates are recommended to prevent exploitation, especially for internet-exposed systems.

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely used open-source web server and servlet container. One of the vulnerabilities could allow attackers to execute arbitrary code remotely, potentially compromising systems and sensitive data.

The more serious vulnerability, identified as CVE-2024-50379, has been assigned an “Important” severity rating. This flaw exists in the default servlet and can be exploited under specific conditions, primarily when the servlet is configured to allow write access and the underlying file system is case-insensitive. Attackers could exploit this vulnerability by uploading malicious files disguised as legitimate ones, ultimately leading to remote code execution (RCE).

The second vulnerability, tracked as CVE-2024-54677, is a denial-of-service (DoS) vulnerability affecting the “examples” web application included with Apache Tomcat. This vulnerability could allow attackers to trigger an OutOfMemoryError by uploading excessive amounts of data, potentially crashing the server and disrupting services. While this vulnerability has a “Low” severity rating, it’s still crucial to address it to ensure the stability and availability of Tomcat servers.

Affected Versions:

The vulnerabilities impact a wide range of Apache Tomcat versions, including:

  • Apache Tomcat 11.0.0-M1 to 11.0.1
  • Apache Tomcat 10.1.0-M1 to 10.1.33
  • Apache Tomcat 9.0.0.M1 to 9.0.97
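The two checks an administrator would want to script from this advisory are (a) whether a running Tomcat falls inside the affected version ranges listed above and (b) whether the default servlet precondition for CVE-2024-50379 is present, i.e. `readonly` set to `false` in `conf/web.xml`. The following is an added example, not code from the advisory or from the Tomcat project; the two `web.xml` fragments are constructed for illustration, and the version ranges are exactly the ones the advisory lists (nothing outside them, such as the 10.0.x or 8.5.x lines, is encoded).

```python
"""Audit helpers for the two Tomcat CVEs discussed above (added example).

- version_affected(): is a Tomcat version string inside the advisory's ranges?
- default_servlet_writable(): does conf/web.xml turn off the default servlet's
  readonly mode, which CVE-2024-50379 requires (together with a case-insensitive
  file system)?
"""
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in the advisory.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.1"),
    ("10.1.0-M1", "10.1.33"),
    ("9.0.0.M1", "9.0.97"),
]

# Tomcat writes milestones as 10.1.0-M1 or 9.0.0.M1; both forms are accepted.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?")


def version_key(version):
    """Sort key where a milestone (x.y.z-Mn) orders before the final x.y.z."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def version_affected(version):
    """True if the version lies in any affected range from the advisory."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def _local(tag):
    # Strip the XML namespace so the check works for both the javaee
    # (Tomcat 9/10.0) and jakartaee (Tomcat 10.1/11) schemas.
    return tag.split("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if the servlet named 'default' has init-param readonly=false.

    Tomcat's DefaultServlet treats readonly as true when the parameter is
    absent, so only an explicit 'false' counts as write-enabled.
    """
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name, params = None, {}
        for child in servlet:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                pname = pvalue = None
                for p in child:
                    if _local(p.tag) == "param-name":
                        pname = (p.text or "").strip()
                    elif _local(p.tag) == "param-value":
                        pvalue = (p.text or "").strip()
                if pname is not None:
                    params[pname] = pvalue or ""
        if name == "default":
            return params.get("readonly", "true").lower() == "false"
    return False  # no default servlet declared in this file


# Constructed sample: write access enabled (the precondition CVE-2024-50379 needs).
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""

# Constructed sample: the shipped default (readonly not set, so it stays true).
HARDENED_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""


if __name__ == "__main__":
    for v in ("9.0.97", "9.0.98", "10.1.0-M1", "11.0.2"):
        print(f"{v:>10}: {'AFFECTED' if version_affected(v) else 'not in listed ranges'}")
    print("weak web.xml writable:    ", default_servlet_writable(WEAK_WEB_XML))
    print("hardened web.xml writable:", default_servlet_writable(HARDENED_WEB_XML))
```

A version outside the listed ranges is reported as "not in listed ranges" rather than "safe", since the advisory only enumerates the 9.0, 10.1 and 11.0 lines; and even where `readonly` is left at its default, the upgrade remains the fix the advisory calls for.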

Mitigation:

The Apache Software Foundation urges all users to update their Tomcat installations to the latest versions immediately. The following versions contain fixes for both vulnerabilities:

Administrators are advised to review the official security advisories from Apache and apply the necessary updates as soon as possible to mitigate the risk of exploitation. This is especially crucial for systems exposed to the internet or handling sensitive information.


Source: https://securityonline.info/rce-and-dos-vulnerabilities-addressed-in-apache-tomcat-cve-2024-50379-and-cve-2024-54677