| Category | Details |
|---|---|
| Threat Actors | • No specific threat actors mentioned. |
| Campaign Overview | • Release of a security update for Apache Tomcat addressing CVE-2024-56337, which covers the incomplete mitigation of CVE-2024-50379; both can result in remote code execution. |
| Target Regions (Victims) | • Users of Apache Tomcat on case-insensitive file systems, particularly those running specific versions of Java. |
| Methodology | • Time-of-check to time-of-use (TOCTOU) race condition that allows an uploaded file to be treated as a JSP, leading to remote code execution. |
| Product Targeted | • Apache Tomcat (versions 9.0.0.M1 to 11.0.1). |
| Malware Reference | • No specific malware mentioned. |
| Tools Used | • Abuse of Tomcat's file handling combined with servlet write configurations to bypass case-sensitivity checks. |
| Vulnerabilities Exploited | • CVE-2024-50379 and CVE-2024-56337, both TOCTOU vulnerabilities leading to remote code execution under specific conditions. |
| TTPs | • Exploitation of file handling and servlet write misconfigurations on case-insensitive file systems. |
| Attribution | • Nacl, WHOAMI, Yemoli, Ruozhi (security researchers); KnownSec 404 Team (PoC contributor). |
| Recommendations | • Users should apply the latest Tomcat update (11.0.2 or later, depending on their version branch) and configure the Java properties described in the advisory to mitigate the vulnerability. |
Source: The Hacker News
Read full article: https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html
The above summary has been generated by an AI language model