Apache Tomcat, one of the most widely used open-source application servers for running Java applications, has long been trusted by organizations around the world. However, as with all widely used software, vulnerabilities can pose significant risks if not addressed promptly.
Recently, a critical Remote Code Execution (RCE) vulnerability was discovered in Apache Tomcat that could potentially allow attackers to execute arbitrary code on affected systems.
What is CVE-2024-50379?
CVE-2024-50379 is a race-condition vulnerability in Apache Tomcat that allows an attacker to execute arbitrary code under certain conditions. A race condition occurs when two or more threads access shared data at the same time and the outcome depends on the order in which the threads execute. If successfully exploited, this can allow an attacker to manipulate the state of the application, bypass security mechanisms, and gain unauthorized access to the system.
This specific race condition affects Apache Tomcat’s handling of HTTP requests and responses, which could lead to an attacker executing code on a vulnerable server without requiring any prior authentication or user interaction.
Affected Versions
- Apache Tomcat 9.x (all versions prior to 9.0.75)
- Apache Tomcat 10.x (all versions prior to 10.1.7)
- Apache Tomcat 11.x (all versions prior to 11.0.0-M7)
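The version boundaries above are easy to get wrong by hand, because Tomcat 11 ships milestone builds (11.0.0-M7) that must sort before the final 11.0.0 release. The following script is an added example, not part of the original post or of the Tomcat project: it turns the fixed-version table listed above into a comparison key, reads the `Server version: Apache Tomcat/x.y.z` line printed by `catalina.sh version`, and reports whether the installed branch is at or beyond the fix. The sample output line is constructed; any branch not in the table (for example 8.5.x, which the post does not cover) is reported as unknown rather than guessed.

```python
import re

# Fixed (first non-vulnerable) release for each branch, as listed in the post above.
FIXED_VERSIONS = {9: "9.0.75", 10: "10.1.7", 11: "11.0.0-M7"}

# Tomcat version strings: major.minor.patch with an optional milestone suffix (-M<n>).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def version_key(text):
    """Turn a Tomcat version string into a tuple that orders correctly.

    A milestone build (x.y.z-Mn) precedes the final x.y.z release, so the
    fourth element is 0 for milestones and 1 for final releases.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone = m.groups()
    is_final = 0 if milestone is not None else 1
    return (int(major), int(minor), int(patch), is_final, int(milestone or 0))


def is_affected(version):
    """True if `version` is older than the fixed release of its branch,
    False if it is at or beyond the fix, None if the branch is not in the table."""
    key = version_key(version)
    fixed = FIXED_VERSIONS.get(key[0])
    if fixed is None:
        return None
    return key < version_key(fixed)


def extract_version(server_info):
    """Pull the version out of the 'Server version: Apache Tomcat/x.y.z' line
    printed by `catalina.sh version`."""
    m = re.search(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)", server_info)
    return m.group(1) if m else None


def assess(server_info):
    """Return (version, verdict) where verdict is 'affected', 'patched' or 'unknown'."""
    version = extract_version(server_info)
    if version is None:
        return None, "unknown"
    status = is_affected(version)
    verdict = {True: "affected", False: "patched", None: "unknown"}[status]
    return version, verdict


# Constructed sample of the relevant lines from `catalina.sh version` output.
SAMPLE_SERVER_INFO = "Server version: Apache Tomcat/9.0.70\nServer number:  9.0.70.0\n"

if __name__ == "__main__":
    print(assess(SAMPLE_SERVER_INFO))  # ('9.0.70', 'affected') against the table above
```

In a fleet, feed the script the captured output of `catalina.sh version` from each host and act on the `affected` results; the table is the single place to update if the advisory's fixed versions change.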
Severity
- CVSS Score: 9.8 (Critical)
- This high-severity rating indicates that attackers can exploit this vulnerability with minimal difficulty, potentially leading to complete system compromise.
Mitigation and Recommendations
- Upgrade Apache Tomcat: The most effective remediation is to update Apache Tomcat to a patched version. This will eliminate the vulnerability and protect against potential exploitation.
- For Tomcat 9.x users, upgrade to version 9.0.75 or later.
- For Tomcat 10.x users, upgrade to version 10.1.7 or later.
- For Tomcat 11.x users, upgrade to version 11.0.0-M7 or later.
- Apply Security Patches: If an immediate upgrade is not feasible, check with your system administrator for any available patches or security workarounds for your Tomcat version. These might help reduce the risk until a full upgrade can be performed.
- Monitor Logs and Network Traffic: Continuously monitor your IT network for any unusual behavior that could indicate attempted exploitation of this vulnerability.
- Restrict Access: Where possible, restrict external access to your Tomcat servers by using firewalls or implementing a reverse proxy. Allow access only to trusted IP addresses or services to limit the attack surface.
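"Unusual behavior" in the monitoring recommendation above needs a concrete baseline to be actionable. The following is an added example, not code from the original post or from the Tomcat project: it parses Tomcat access-log lines written in the AccessLogValve `common` pattern, aggregates requests per client and minute, and flags buckets with a burst of requests, of state-changing HTTP methods, or of 4xx/5xx responses. The thresholds, the sample log lines and the RFC 5737 test addresses are all constructed; tune the limits to your own traffic before relying on the output.

```python
import re
from collections import defaultdict
from datetime import datetime

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Methods that modify server-side state; rare on a typical Tomcat deployment.
WRITE_METHODS = {"PUT", "DELETE", "PATCH", "MOVE", "COPY", "MKCOL"}


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def bucket_by_client_minute(lines):
    """Aggregate requests, write-method calls and 4xx/5xx responses per (client, minute)."""
    buckets = defaultdict(lambda: {"requests": 0, "write_methods": 0, "errors": 0})
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count rather than crash on lines in another pattern
            continue
        key = (rec["host"], rec["time"].replace(second=0))
        b = buckets[key]
        b["requests"] += 1
        if rec["method"] in WRITE_METHODS:
            b["write_methods"] += 1
        if rec["status"] >= 400:
            b["errors"] += 1
    return buckets, unparsed


def find_anomalies(lines, max_requests=60, max_write_methods=3, max_errors=15):
    """Return one finding per (client, minute) whose counters exceed the thresholds."""
    buckets, _ = bucket_by_client_minute(lines)
    limits = {"requests": max_requests, "write_methods": max_write_methods, "errors": max_errors}
    findings = []
    for (host, minute), counters in sorted(buckets.items()):
        flags = {name: counters[name] for name, limit in limits.items() if counters[name] > limit}
        if flags:
            findings.append({"host": host, "minute": minute.isoformat(), "flags": flags})
    return findings


def _line(host, ts, method, path, status):
    return f'{host} - - [{ts}] "{method} {path} HTTP/1.1" {status} -'


# Constructed sample: routine traffic from one client, a burst of PUTs from another,
# plus one malformed line to exercise the unparsed path.
SAMPLE_LOG = (
    [_line("198.51.100.7", f"18/Dec/2024:10:15:{s:02d} +0000", "GET", "/app/index.jsp", 200)
     for s in range(0, 50, 10)]
    + [_line("203.0.113.9", f"18/Dec/2024:10:16:{s:02d} +0000", "PUT", f"/app/tmp{s}.txt", 405)
       for s in range(0, 20, 4)]
    + ["this line is not in the common log format"]
)

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

Run it over `logs/localhost_access_log.*.txt` (the default AccessLogValve output) on a schedule, or adapt `LOG_RE` if your valve uses the `combined` pattern; the write-method counter is the one most worth keeping low on a server that is not meant to accept uploads.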
SanerNow Continuous Vulnerability and Exposure Management
SecPod SanerNow CVEM is a continuous vulnerability and exposure management solution designed to automatically detect, assess, prioritize, and remediate risks across your IT network. It supports all major operating systems and more than 550 third-party applications. With SanerNow, you can test patches before deployment, roll back if needed, and fully automate the patching process.