CVE-2024-50379: A Critical Vulnerability in Apache Tomcat - #CVE-2024-50379
Apache Tomcat, a widely used open-source web server, has been found to contain critical vulnerabilities affecting multiple versions. The most severe, CVE-2024-50379, allows remote code execution through a Time-of-Check Time-of-Use (TOCTOU) race condition and is particularly dangerous on case-insensitive file systems such as Windows. It can be exploited by uploading malicious JSP files, potentially leading to system compromise. A second vulnerability, CVE-2024-54677, could be used for denial-of-service attacks. The Apache Software Foundation has released security updates that address both issues and urges users to upgrade to the latest patched versions. To reduce risk, experts recommend implementing strong access controls, disabling writable default servlets, and conducting regular security audits.
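Exploitation of CVE-2024-50379 depends on the default servlet being write-enabled, which in Tomcat is the non-default `readonly=false` init-param on `org.apache.catalina.servlets.DefaultServlet` in conf/web.xml. The audit script below is an added example, not code from the article or from the Tomcat project; the two web.xml fragments are constructed samples showing the weak setting beside the hardened one.

```python
"""Audit a Tomcat web.xml for a write-enabled DefaultServlet (readonly=false)."""
import xml.etree.ElementTree as ET

NS = "http://xmlns.jcp.org/xml/ns/javaee"
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

# Constructed sample: the weak setting, under which HTTP PUT to the
# default servlet succeeds and a JSP can be written into the webapp.
WEAK_WEB_XML = f"""<web-app xmlns="{NS}">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>{DEFAULT_SERVLET}</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: the hardened form. Omitting readonly is equivalent,
# since Tomcat's default for this parameter is true.
HARDENED_WEB_XML = f"""<web-app xmlns="{NS}">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>{DEFAULT_SERVLET}</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
  </servlet>
</web-app>"""

def _local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def writable_default_servlets(web_xml_text):
    """Return the names of DefaultServlet instances whose readonly
    init-param is explicitly false. An empty list means nothing to fix."""
    writable = []
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-class") != DEFAULT_SERVLET:
            continue
        params = {}
        for ip in (c for c in servlet if _local(c.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            params[kv.get("param-name")] = kv.get("param-value", "")
        # readonly defaults to true; only an explicit "false" accepts PUT/DELETE.
        if params.get("readonly", "true").lower() == "false":
            writable.append(fields.get("servlet-name", "<unnamed>"))
    return writable
```

Run `writable_default_servlets(open(path).read())` against `$CATALINA_BASE/conf/web.xml` and any per-application WEB-INF/web.xml; a non-empty result is the setting to revert before relying on the upgrade alone.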