Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-50379

CRITICAL
Published 2024-12-17T12:34:54.827Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-50379. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.893
probability
of exploitation in the wild

There is a 89.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.995
Higher than 99.5% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Tomcat

Affected Versions:

11.0.0-M1 10.1.0-M1 9.0.0.M1 8.5.0 3

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

GHSA-5j33-cvvr-w245

Advisory Details

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Affected Packages

Maven org.apache.tomcat:tomcat-catalina
ECOSYSTEM: ≥11.0.0-M1 <11.0.2
Maven org.apache.tomcat:tomcat-catalina
ECOSYSTEM: ≥10.1.0-M1 <10.1.34
Maven org.apache.tomcat:tomcat-catalina
ECOSYSTEM: ≥9.0.0.M1 <9.0.98
Maven org.apache.tomcat.embed:tomcat-embed-core
ECOSYSTEM: ≥11.0.0-M1 <11.0.2
Maven org.apache.tomcat.embed:tomcat-embed-core
ECOSYSTEM: ≥10.1.0-M1 <10.1.34
Maven org.apache.tomcat.embed:tomcat-embed-core
ECOSYSTEM: ≥9.0.0.M1 <9.0.98
Maven org.apache.tomcat:tomcat-catalina
ECOSYSTEM: ≥8.5.0 ≤8.5.100
Maven org.apache.tomcat.embed:tomcat-embed-core
ECOSYSTEM: ≥8.5.0 ≤8.5.100

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-50379
WEB https://github.com/apache/tomcat/commit/05ddeeaa54df1e2dc427d0164bedd6b79f78d81f
WEB https://github.com/apache/tomcat/commit/43b507ebac9d268b1ea3d908e296cc6e46795c00
WEB https://github.com/apache/tomcat/commit/631500b0c9b2a2a2abb707e3de2e10a5936e5d41
WEB https://github.com/apache/tomcat/commit/684247ae85fa633b9197b32391de59fc54703842
WEB https://github.com/apache/tomcat/commit/8554f6b1722b33a2ce8b0a3fad37825f3a75f2d2
WEB https://github.com/apache/tomcat/commit/cc7a98b57c6dc1df21979fcff94a36e068f4456c
PACKAGE https://github.com/apache/tomcat
WEB https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
WEB https://security.netapp.com/advisory/ntap-20250103-0003
WEB https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.34
WEB https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.2
WEB https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.98
WEB http://www.openwall.com/lists/oss-security/2024/12/17/4
WEB http://www.openwall.com/lists/oss-security/2024/12/18/2

Advisory provided by GitHub Security Advisory Database. Published: December 17, 2024, Modified: August 8, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

3 posts
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (16/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53833](https://nvd.nist.gov/vuln/detail/CVE-2025-53833)** - 📝 LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which …

Also mentions: CVE-2025-49706 CVE-2025-49704 CVE-2025-47812 CVE-2025-4941 CVE-2025-22224
2
2.0
View Original High Risk
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (15/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49706](https://nvd.nist.gov/vuln/detail/CVE-2025-49706)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 3 - 📝 **Analysis:** A SharePoint Server spoofing …

Also mentions: CVE-2025-49706 CVE-2025-49704 CVE-2025-47812 CVE-2025-22224 CVE-2024-27348 CVE-2023-45866 CVE-2020-0556
2
2.0
View Original High Risk
Reddit 1 month, 3 weeks ago
crstux
Exploit

🔥 Top 10 Trending CVEs (15/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49706](https://nvd.nist.gov/vuln/detail/CVE-2025-49706)** - 📝 Microsoft SharePoint Server Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 6.3 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 3 - 📝 **Analysis:** A SharePoint Server spoofing …

Also mentions: CVE-2025-49706 CVE-2025-49704 CVE-2025-47812 CVE-2025-22224 CVE-2024-27348 CVE-2023-45866 CVE-2020-0556
1
1.0
View Original High Risk

References

https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
Published: 2024-12-17T12:34:54.827Z
Last Modified: 2025-08-08T11:26:53.216Z
Copied to clipboard!