CRITICAL · CVSS 9.8
CVE-2024-50379 — Apache Tomcat RCE
A time-of-check to time-of-use (TOCTOU) race in JSP processing on case-insensitive filesystems leads to remote code execution (RCE).
Affects
- Tomcat 9.0.0.M1 through 9.0.97
- Tomcat 10.1 through 10.1.33
- Tomcat 11.0 through 11.0.1
What an attacker does
There is a race condition between JSP validation and JSP execution. With concurrent uploads, an attacker bypasses validation.
How to detect
Check the Tomcat version against the affected ranges and watch the rate of concurrent uploads.
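Both checks can be scripted. The following is an added example, not code from Securie or the Apache Tomcat project: it compares a version string with the ranges listed above and flags clients that send a burst of upload requests for `.jsp` paths. The common-log-format access log, treating PUT/POST as uploads, the window and threshold values, and the handling of milestone tags are all assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Affected ranges as listed on this page (inclusive bounds).
AFFECTED = [((9, 0, 0), (9, 0, 97)), ((10, 1, 0), (10, 1, 33)), ((11, 0, 0), (11, 0, 1))]

def parse_version(text):
    """'Apache Tomcat/9.0.0.M1' -> (9, 0, 0). Milestone tags are dropped and a
    missing patch number counts as 0 (assumptions of this example)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(text):
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

# Common-log-format line; counting only PUT/POST as uploads is an assumption.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(PUT|POST) (\S+) [^"]*" (\d{3})')

def jsp_upload_bursts(lines, window_s=1.0, threshold=5):
    """Return {client: peak count} for clients that sent >= threshold upload
    requests for .jsp paths (any letter case) within window_s seconds."""
    times = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m and m.group(4).split("?")[0].lower().endswith(".jsp"):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            times[m.group(1)].append(ts.timestamp())
    bursts = {}
    for client, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window_s:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[client] = peak
    return bursts

# Constructed sample log lines (not from a real server).
SAMPLE = [f'192.0.2.10 - - [10/Dec/2024:10:00:0{i % 2} +0000] "PUT /up/x{i}.JSP HTTP/1.1" 201 -'
          for i in range(6)]
SAMPLE.append('198.51.100.7 - - [10/Dec/2024:10:00:05 +0000] "PUT /up/doc.jsp HTTP/1.1" 201 -')
SAMPLE.append('198.51.100.7 - - [10/Dec/2024:10:00:09 +0000] "GET /index.jsp HTTP/1.1" 200 512')

if __name__ == "__main__":
    print(is_affected("Apache Tomcat/9.0.97"), jsp_upload_bursts(SAMPLE))
```

A burst is only a signal to investigate; tune `window_s` and `threshold` against the application's normal upload traffic.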
How to fix
Upgrade Tomcat to 9.0.98+ / 10.1.34+ / 11.0.2+
How Securie catches CVE-2024-50379
Securie's static rules detect the Tomcat version, and the Java specialist scans for vulnerable JSP patterns.