🟡 CVE-2025-4021: A vulnerability was found in c... 🟡 CVE-2025-4020: A vulnerability was found in P... 🟡 CVE-2025-32472: The multiScan and picoScan are... 🟡 CVE-2025-4019: A vulnerability, which was cla... 🟡 CVE-2025-4018: A vulnerability, which was cla... 🟡 CVE-2025-4017: A vulnerability classified as ... 🟡 CVE-2025-4016: A vulnerability classified as ... 🟡 CVE-2025-4015: A vulnerability was found in 2... 🟡 CVE-2025-4014: A vulnerability was found in P... 🔥 CVE-2025-3200: An unauthenticated remote atta... 🟡 CVE-2025-4013: A vulnerability was found in P... 🟡 CVE-2025-4012: A vulnerability was found in p... 🟡 CVE-2025-4011: A vulnerability has been found... ⚠️ CVE-2025-42598: Multiple SEIKO EPSON printer d... 🟡 CVE-2025-39367: Missing Authorization vulnerab... 🟢 CVE-2025-32471: The device’s passwords have no... ⚠️ CVE-2025-32470: A remote unauthenticated attac... ⚠️ CVE-2025-4007: A vulnerability classified as ... ⚠️ CVE-2025-22235: EndpointRequest.to() creates a... 🟡 CVE-2025-4006: A vulnerability classified as ... 🟡 CVE-2025-4005: A vulnerability was found in P... 🟡 CVE-2025-4004: A vulnerability was found in P... 🟡 CVE-2025-4003: A vulnerability was found in R... 🟡 CVE-2025-4002: A vulnerability was found in R... 🟡 CVE-2025-4001: A vulnerability has been found... 🟡 CVE-2025-4000: A vulnerability, which was cla... 🟡 CVE-2025-3999: A vulnerability, which was cla... 🟡 CVE-2025-3998: A vulnerability classified as ... 🟡 CVE-2025-3997: A vulnerability classified as ... 🟡 CVE-2025-3996: A vulnerability was found in T... 🟡 CVE-2025-3706: The eHRMS from 104 Corporation... 🟡 CVE-2025-3995: A vulnerability was found in T... 🟡 CVE-2025-3994: A vulnerability was found in T... ⚠️ CVE-2025-3993: A vulnerability was found in T... ⚠️ CVE-2025-3992: A vulnerability has been found... ⚠️ CVE-2025-3991: A vulnerability, which was cla... 🟡 CVE-2025-31144: Quick Agent V3 and Quick Agent... ⚠️ CVE-2025-27937: Quick Agent V3 and Quick Agent... 🔥 CVE-2025-26692: Quick Agent V3 and Quick Agent... ⚠️ CVE-2025-3990: A vulnerability, which was cla... ⚠️ CVE-2025-3989: A vulnerability classified as ... 🟡 CVE-2025-46690: Ververica Platform 2.14.0 allo... 🟡 CVE-2025-46689: Ververica Platform 2.14.0 cont... ⚠️ CVE-2025-3988: A vulnerability classified as ... 🟡 CVE-2025-3987: A vulnerability was found in T... 🟡 CVE-2025-3986: A vulnerability was found in A... 🟡 CVE-2025-3985: A vulnerability was found in A... 🟡 CVE-2025-46688: quickjs-ng through 0.9.0 has a... 🟡 CVE-2025-46687: quickjs-ng through 0.9.0 has a... 🟢 CVE-2025-3984: A vulnerability was found in A... 🟡 CVE-2025-3983: A vulnerability has been found... 🟡 CVE-2025-3982: A vulnerability, which was cla... 🟡 CVE-2025-3981: A vulnerability, which was cla... 🟢 CVE-2025-2866: Improper Verification of Crypt... 🟡 CVE-2025-3980: A vulnerability classified as ... 🟡 CVE-2025-3979: A vulnerability classified as ... 🟡 CVE-2025-3978: A vulnerability was found in d... 🟡 CVE-2025-3977: A vulnerability was found in i... ⚠️ CVE-2025-46657: Karaz Karazal through 2025-04-... 🟡 CVE-2025-3976: A vulnerability was found in P... 🟡 CVE-2025-3975: A vulnerability was found in S... 🟡 CVE-2025-3974: A vulnerability has been found... 🟡 CVE-2025-3973: A vulnerability, which was cla... 🟡 CVE-2025-3972: A vulnerability, which was cla... 🟡 CVE-2025-3971: A vulnerability classified as ... 🟡 CVE-2025-3970: A vulnerability classified as ... 🟡 CVE-2025-3969: A vulnerability was found in c... 🟡 CVE-2025-3968: A vulnerability was found in c... 🟡 CVE-2025-3967: A vulnerability was found in i... 🟡 CVE-2025-3886: An issue in CatoNetworks CatoC... 🟡 CVE-2025-3966: A vulnerability was found in i... 🟡 CVE-2025-3965: A vulnerability has been found... 🟡 CVE-2025-3964: A vulnerability, which was cla... 🟡 CVE-2025-3963: A vulnerability, which was cla... 🟡 CVE-2024-52888: For an authenticated end-user ... 🟢 CVE-2024-52887: Authenticated end-user may set... 🟡 CVE-2025-3962: A vulnerability classified as ... 🟡 CVE-2025-3961: A vulnerability classified as ... 🟡 CVE-2025-3960: A vulnerability was found in w... 🟡 CVE-2025-3959: A vulnerability was found in w... 🟡 CVE-2025-3958: A vulnerability was found in w... 🟡 CVE-2025-3957: A vulnerability was found in o... 🟡 CVE-2025-3956: A vulnerability has been found... ⚠️ CVE-2025-46580: There is a code-related vulner... ⚠️ CVE-2025-46579: There is a DDE injection vulne... 🟡 CVE-2025-46578: There are SQL injection vulner... 🟡 CVE-2025-46577: There is a SQL injection vulne... 🟡 CVE-2025-46576: There is a Permission Manageme... 🟡 CVE-2025-46575: There is an information disclo... 🟡 CVE-2025-46574: There is an information disclo... 🟢 CVE-2025-46675: In NASA CryptoLib before 1.3.2... 🟢 CVE-2025-46674: NASA CryptoLib before 1.3.2 us... 🟡 CVE-2025-46673: NASA CryptoLib before 1.3.2 do... 🟢 CVE-2025-46672: NASA CryptoLib before 1.3.2 do... 🟡 CVE-2025-3955: A vulnerability, which was cla... 🟢 CVE-2025-46656: python-markdownify (aka markdo... 🟡 CVE-2025-3954: A vulnerability, which was cla... 🟡 CVE-2025-46655: CodiMD through 2.5.4 has a CSP... 🟡 CVE-2025-46654: CodiMD through 2.2.0 has a CSP... 🟢 CVE-2025-46653: Formidable (aka node-formidabl...
Apache Tomcat Vulnerability CVE-2024-56337 Leads to Risk of Remote Code Execution

By Cybersecurity Team on

Apache Tomcat Vulnerability CVE-2024-56337: Incomplete Mitigation Leads to Remote Code Execution Risks

On December 20, 2024, the Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability arises from an incomplete mitigation of a prior issue, CVE-2024-50379, and poses a risk of remote code execution (RCE) under specific conditions.

Understanding the Vulnerability

CVE-2024-56337 is classified as a Time-of-Check Time-of-Use (TOCTOU) race condition within Apache Tomcat. It affects the following versions:

  • Apache Tomcat 11.0.0-M1 through 11.0.1
  • Apache Tomcat 10.1.0-M1 through 10.1.33
  • Apache Tomcat 9.0.0.M1 through 9.0.97

The vulnerability is particularly concerning for users operating Tomcat on case-insensitive file systems with the default servlet's write capability enabled (i.e., the 'readonly' initialization parameter set to 'false'). In such configurations, the incomplete fix for CVE-2024-50379 may allow attackers to exploit the TOCTOU race condition, potentially leading to remote code execution.

Mitigation Steps

To address CVE-2024-56337, users should upgrade to the following Apache Tomcat versions:

  • Apache Tomcat 11.0.2 or later
  • Apache Tomcat 10.1.34 or later
  • Apache Tomcat 9.0.98 or later

Additionally, configuration adjustments are necessary based on the Java version in use:

  • Java 8 or Java 11: Explicitly set the system property sun.io.useCanonCaches to false (default is true).
  • Java 17: If the system property sun.io.useCanonCaches is set, ensure it is false (default is false).
  • Java 21 and later: No additional configuration is required, as the system property and the associated cache have been removed.

Future releases—Tomcat 11.0.3, 10.1.35, and 9.0.99 onwards—will include checks to ensure sun.io.useCanonCaches is appropriately configured before enabling write capabilities for the default servlet on case-insensitive file systems. Tomcat will also set sun.io.useCanonCaches to false by default where possible.

Recommendations for Users

Users are strongly advised to:

  • Upgrade to the latest compatible version of Apache Tomcat.
  • Review and adjust the sun.io.useCanonCaches system property based on the Java version in use.
  • Ensure that the default servlet's write capability is disabled unless explicitly required.
  • Regularly monitor official Apache Tomcat communications for updates and security advisories.

Conclusion

The disclosure of CVE-2024-56337 underscores the importance of comprehensive vulnerability mitigation and the need for vigilance in maintaining server configurations. By promptly applying the recommended updates and configurations, users can safeguard their systems against potential exploitation.

Sources

Back to Posts