Apache Tomcat Addresses Critical Security Vulnerabilities
🛡️💻 Apache Tomcat issues critical security updates to address vulnerabilities. The Apache Software Foundation has released urgent updates for Apache Tomcat, a popular open-source web server, to fix two significant vulnerabilities. The more severe flaw, CVE-2024-50379, could allow remote code execution if specific conditions are met, particularly when the default servlet is misconfigured. A second vulnerability, CVE-2024-54677, poses a denial-of-service risk through excessive data uploads, potentially crashing servers. Affected versions include Apache Tomcat 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0-M1 to 9.0.97. Users are strongly advised to upgrade to the latest versions—11.0.2, 10.1.34, or 9.0.98—to mitigate these risks.
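
To check an inventory against the ranges above, the following added example (not from the Apache advisory or the Tomcat project) compares version strings with milestone builds ordered before the final release of the same number. The function names, sample hosts and banners are hypothetical, and accepting the dotted form "9.0.0.M1" alongside "9.0.0-M1" is an assumption about how inventories may record milestones.

```python
import re

# Affected ranges and fixed releases exactly as listed in the text above:
# (first affected, last affected, release to upgrade to).
AFFECTED = [
    ("11.0.0-M1", "11.0.1", "11.0.2"),
    ("10.1.0-M1", "10.1.33", "10.1.34"),
    ("9.0.0-M1", "9.0.97", "9.0.98"),
]

# Accepts "9.0.97", "Apache Tomcat/9.0.97", "10.1.0-M1" and the dotted "9.0.0.M1".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")

def parse(version):
    """Turn a Tomcat version string into a tuple that sorts in release order."""
    m = _VERSION.search(version)
    if m is None:
        raise ValueError(f"no Tomcat version found in {version!r}")
    major, minor, patch, milestone = m.groups()
    # Milestones (M1, M2, ...) precede the final release of the same number.
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage

def fixed_release_for(version):
    """Return the release to upgrade to, or None if outside the listed ranges."""
    v = parse(version)
    for first, last, fixed in AFFECTED:
        if parse(first) <= v <= parse(last):
            return fixed
    return None  # not listed in this advisory; this is not a statement of safety

def triage(inventory):
    """Map each host in a listed range to its upgrade target; others are omitted."""
    checked = {host: fixed_release_for(banner) for host, banner in inventory.items()}
    return {host: fixed for host, fixed in checked.items() if fixed}

# Constructed sample inventory: host names and banners are made up for illustration.
SAMPLE = {
    "app-01": "Apache Tomcat/9.0.97",
    "app-02": "Apache Tomcat/10.1.34",
    "app-03": "Apache Tomcat/11.0.0-M20",
    "app-04": "Apache Tomcat/9.0.0.M1",
}

if __name__ == "__main__":
    for host, fixed in triage(SAMPLE).items():
        print(f"{host}: upgrade to {fixed}")
```

A host missing from the result is only outside the three ranges quoted here; branches the text does not mention are not assessed by this check.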
