Decrypt LOL

Apache Tomcat Vulnerability CVE-2024-56337 Allows RCE Attacks

🔒🌐 Apache Software Foundation addresses critical vulnerability in Tomcat server. The Apache Software Foundation has issued a security update for its Tomcat server software to fix a significant vulnerability, CVE-2024-56337, which could lead to remote code execution (RCE) under specific conditions. The flaw is linked to a previously identified issue, CVE-2024-50379, and affects various versions of Tomcat; users are required to make configuration changes that depend on their Java version. The vulnerabilities stem from time-of-check to time-of-use (TOCTOU) race conditions that affect Tomcat on case-insensitive file systems. Security researchers have been credited with identifying these issues, which come amid reports of another critical bug in Webmin that allows remote code execution. Users are urged to update their systems to mitigate these risks.
