Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Category Details
Threat Actors • No specific threat actors mentioned.
Campaign Overview • Apache released security updates for CVE-2024-56337, which completes the incomplete fix shipped for CVE-2024-50379; both flaws can lead to remote code execution.
Target Regions (Victims) • Apache Tomcat deployments on case-insensitive file systems (for example Windows) that run the default servlet with write support enabled (readonly initialisation parameter set to the non-default value false); the additional mitigation required depends on the Java version in use.
Methodology • Time-of-check time-of-use (TOCTOU) race condition during JSP compilation: on a case-insensitive file system an uploaded file can bypass Tomcat's case-sensitivity check and be treated as a JSP, leading to remote code execution.
Product Targeted • Apache Tomcat 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33, and 9.0.0.M1 to 9.0.97.
Malware Reference • No specific malware mentioned.
Tools Used • No specific tools mentioned; the attack abuses the default servlet's write support and file-name case handling rather than bespoke tooling.
Vulnerabilities Exploited • CVE-2024-50379 and CVE-2024-56337, both TOCTOU race conditions that lead to remote code execution when the default servlet is write-enabled on a case-insensitive file system.
TTPs • Abuse of default-servlet write support (readonly=false) combined with case-insensitive file-system behaviour to defeat Tomcat's case-sensitivity check on uploaded files.
Attribution • Reported by security researchers Nacl, WHOAMI, Yemoli and Ruozhi; the KnownSec 404 Team contributed a proof of concept.
Recommendations • Upgrade to Apache Tomcat 11.0.2, 10.1.34 or 9.0.98 (or later). Write-enabled deployments also need the sun.io.useCanonCaches system property set for their Java version: on Java 8 or 11 set it explicitly to false (it defaults to true); on Java 17 set it to false if it has been set to true (it defaults to false); on Java 21 and later no action is needed because the property has been removed. Keeping the default servlet read-only (readonly=true, the default) removes the write precondition altogether.
Source • The Hacker News
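As an added example (not code from the article, The Hacker News, or the Apache Tomcat project), the following Python script audits a Tomcat deployment for the software-side preconditions in the advisory: an unpatched version, a DefaultServlet whose readonly initialisation parameter is set to false, and a JVM that still has sun.io.useCanonCaches enabled for its Java version. It does not attempt the race itself. The web.xml fragments and JVM argument lists are constructed sample input, and the function names are my own; the treatment of Java 12 to 16 as behaving like Java 11 is an assumption noted in the code.

```python
"""Audit helper for the CVE-2024-50379 / CVE-2024-56337 preconditions (added example,
not code from the article or from Apache Tomcat). Checks the Tomcat version against
the fixed releases, whether the DefaultServlet accepts writes (readonly=false), and
whether sun.io.useCanonCaches is still on for the Java version. All sample input
below (web.xml fragments, JVM arguments) is constructed."""
import re
import xml.etree.ElementTree as ET

# Fixed releases per supported branch, from the Tomcat advisory.
FIXED_PATCH = {(9, 0): 98, (10, 1): 34, (11, 0): 2}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def is_vulnerable_version(version: str) -> bool:
    """True for an affected release of a branch in the advisory. Milestones
    (9.0.0.M1, 11.0.0-M1) sort before their final release. Branches the advisory
    does not cover (e.g. EOL 8.5.x) return False: review those separately."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else 0
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        return False
    # (patch, is_final, milestone): 11.0.0-M1 -> (0, 0, 1) sorts below 11.0.0 -> (0, 1, 0)
    return (patch, 0 if milestone else 1, milestone) < (fixed_patch, 1, 0)


def _local(tag: str) -> str:
    """Drop the XML namespace so any web.xml schema version parses the same."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml: str) -> bool:
    """True if the DefaultServlet is configured with readonly=false (PUT/DELETE on).
    readonly defaults to true, so only an explicit false counts."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields, params = {}, {}
        for child in servlet:
            tag = _local(child.tag)
            if tag == "init-param":
                p = {_local(x.tag): (x.text or "").strip() for x in child}
                params[p.get("param-name", "")] = p.get("param-value", "")
            else:
                fields[tag] = (child.text or "").strip()
        is_default = (fields.get("servlet-class") == "org.apache.catalina.servlets.DefaultServlet"
                      or fields.get("servlet-name") == "default")
        if is_default and params.get("readonly", "true").lower() == "false":
            return True
    return False


def canon_caches_enabled(java_major: int, jvm_args) -> bool:
    """True if sun.io.useCanonCaches is effectively on. Per the advisory: Java 8/11
    default it to true, Java 17 defaults it to false, Java 21+ removed it. Java 12-16
    are not in the advisory; they are treated like 11 here (assumption, errs towards a finding)."""
    if java_major >= 21:
        return False
    explicit = None
    for arg in jvm_args:
        if arg.startswith("-Dsun.io.useCanonCaches="):
            explicit = arg.split("=", 1)[1].strip().lower() == "true"
    return explicit if explicit is not None else java_major < 17


def audit(version: str, web_xml: str, java_major: int, jvm_args) -> dict:
    """Combine the checks. A case-insensitive file system is an environmental
    precondition the caller must confirm; this covers the software side only."""
    old = is_vulnerable_version(version)
    writable = default_servlet_writable(web_xml)
    canon = canon_caches_enabled(java_major, jvm_args)
    return {
        "vulnerable_version": old,
        "default_servlet_writable": writable,
        "exposed": old and writable,               # unpatched and write-enabled
        "jvm_setting_needed": writable and canon,  # patched or not, the advisory wants the property off
    }


# Constructed sample: conf/web.xml with the non-default readonly=false.
VULNERABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
# Same fragment with readonly left at its default (parameter omitted).
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    '<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>', "")

if __name__ == "__main__":
    for args in (("9.0.97", VULNERABLE_WEB_XML, 11, ["-Xmx1g"]),
                 ("9.0.98", VULNERABLE_WEB_XML, 11, ["-Dsun.io.useCanonCaches=false"]),
                 ("11.0.2", HARDENED_WEB_XML, 21, [])):
        print(args[0], audit(*args))
```

In practice the inputs come from the server's `RELEASE-NOTES` or `version.sh`, the effective `conf/web.xml` plus any application `WEB-INF/web.xml` that overrides the default servlet, and the JVM arguments from `CATALINA_OPTS`; the script flags a write-enabled deployment as needing the JVM property even after upgrading, which matches the advisory's guidance.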

Read full article: https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

The above summary has been generated by an AI language model

Published on: December 25, 2024