URL has been copied successfully!
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)

by

Andy Stern
in

Tags: , , , , ,

Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT method), unauthenticated attackers can construct…The post Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

First seen on securityboulevard.com

Jump to article: https://securityboulevard.com/2024/12/apache-tomcat-conditional-competition-code-execution-vulnerability-cve-2024-50379/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
  2. Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
  3. Right-Click to Hack: Zero-Day CVE-2024-43451 Vulnerability Targets Windows Users
  4. CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks