Vulnerability in Apache Software Foundation Tomcat

CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case-insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.848 (99.4th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-50379?

CVE-2024-50379 is a vulnerability in Apache Software Foundation Tomcat, classified under Time-of-check Time-of-use (TOCTOU) Race Condition. Published 2024-12-17.

Is CVE-2024-50379 known to be exploited?

58 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.