About the Vulnerability

Introduction

The Apache Tomcat software is an open-source implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Annotations, and Jakarta Authentication specifications. These specifications are part of the Jakarta EE platform.

Summary

On December 18, 2024, Sangfor FarSight Labs received notification that an Apache-Tomcat component contains information of remote code execution vulnerability(CVE-2024-50379), classified as critical in threat level.

Apache Tomcat contains a remote code execution vulnerability. When the readonly parameter of the default Servlet is set to false, attackers can exploit a race condition to upload malicious code using the PUT method and trigger execution, leading to server compromise.

Affected Versions

9.0.0.M1 ≤ Apache Tomcat < 9.0.98

10.1.0-M1 ≤ Apache Tomcat < 10.1.34

11.0.0-M1 ≤ Apache Tomcat < 11.0.2

Solutions

Remediation Solutions

Check the System Version

In the Windows system, execute the following command under the bin directory to check the version of Tomcat: ./version.bat

CVE-2024-50379-1

Official Solution

Temporary Solution:

1.Set the readOnly parameter in the conf/web.xml file to true;

2.Disable the PUT method and restart the server to update the configuration.

Secure Versions:

Apache Tomcat 11.0.2

Apache Tomcat 10.1.34

Apache Tomcat 9.0.98

The latest version has been officially released to fix the vulnerability. Affected users are recommended to update the version of Tomcat to the secure versions and versions above.

Download link:

Tomcat 11: https://tomcat.apache.org/download-11.cgi

Tomcat 10: https://tomcat.apache.org/download-10.cgi

Tomcat 9: https://tomcat.apache.org/download-90.cgi

Sangfor Solutions

Vulnerability Proactive Detection

Support is provided for proactive detection of Tomcat Remote Code Execution Vulnerability (CVE-2024-50379); and it is capable of quickly batch identifying whether there are vulnerability risks in business scenarios. Related products are as follows:

[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on December 23, 2024, with Rule ID: SF-0005-21035.

[Sangfor Omni-Command XDR] is expected to release a detection scheme on December 22, 2024, with Rule ID: SF-0005-21035.

Vulnerability Security Detection

Support is provided for monitoring Tomcat Remote Code Execution Vulnerability (CVE-2024-50379); and it is capable of monitoring the affected asset conditions in business scenarios in real-time based on traffic collection, and quickly checking the scope of impact. Related products and services are as follows:

[Sangfor Cyber Command] his expected to release a monitoring scheme on December 31, 2024, with Rule ID: 11027850.

[Sangfor Cyber Guardian MDR] has released a monitoring scheme (requiring Cyber Command component capabilities), with Rule ID: 11027850.

[Sangfor Omni-Command XDR] has released a monitoring scheme, with Rule ID: 11027850.

Security Protection

Support is provided for defense against Tomcat Remote Code Execution Vulnerability (CVE-2024-50379); and it is capable of blocking attackers' intrusion targeting this event. Related products and services are as follows:

[Sangfor Network Secure] is expected to release a protection scheme on December 31, 2024, with Rule ID: 11027850.

[Sangfor WAF] is expected to release a protection scheme on December 31, 2024, with Rule ID: 11027850.

[Sangfor Cyber Guardian MDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on December 31, 2024, with Rule ID: 11027850.

[Sangfor Omni-Command XDR] is expected to release a protection scheme (requiring Network Secure component capabilities) on December 31, 2024 , with Rule ID: 11027850.

Timeline

On December 18, 2024, Sangfor FarSight Labs received notification of Tomcat Remote Code Execution Vulnerability.

On December 18, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

See Other Product