Apache Tomcat Vulnerability CVE-2024-56337 Allows RCE Attacks
🔒🌐 Apache Software Foundation addresses critical vulnerability in Tomcat server.

The Apache Software Foundation has issued a security update for its Tomcat server software to fix a significant vulnerability, CVE-2024-56337, which could lead to remote code execution (RCE) under specific conditions. This flaw is linked to a previously identified issue, CVE-2024-50379, and affects various versions of Tomcat, requiring users to implement configuration changes based on their Java version. The vulnerabilities stem from Time-of-check Time-of-use (TOCTOU) race conditions that can compromise case-insensitive file systems.

Security researchers have been credited for identifying these issues, which come amid reports of another critical bug in Webmin that allows remote code execution. Users are urged to update their systems to mitigate these risks.
