Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:3683

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

  • tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)

  • tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
tomcat-webappsnoarch1.el8_10.3tomcat-webapps-9.0.87-1.el8_10.3.noarch.rpm
tomcatnoarch1.el8_10.3tomcat-9.0.87-1.el8_10.3.noarch.rpm
tomcat-admin-webappsnoarch1.el8_10.3tomcat-admin-webapps-9.0.87-1.el8_10.3.noarch.rpm
tomcat-docs-webappnoarch1.el8_10.3tomcat-docs-webapp-9.0.87-1.el8_10.3.noarch.rpm
tomcat-el-3.0-apinoarch1.el8_10.3tomcat-el-3.0-api-9.0.87-1.el8_10.3.noarch.rpm
tomcat-jsp-2.3-apinoarch1.el8_10.3tomcat-jsp-2.3-api-9.0.87-1.el8_10.3.noarch.rpm
tomcat-libnoarch1.el8_10.3tomcat-lib-9.0.87-1.el8_10.3.noarch.rpm
tomcat-servlet-4.0-apinoarch1.el8_10.3tomcat-servlet-4.0-api-9.0.87-1.el8_10.3.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-50379
CVE-2025-24813

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-3683

oracle-oval
7 месяцев назад

ELSA-2025-3683: tomcat security update (MODERATE)

oracle-oval логотип

ELSA-2025-3645

oracle-oval
7 месяцев назад

ELSA-2025-3645: tomcat security update (MODERATE)

ubuntu логотип

CVE-2024-50379

CVSS3: 9.8
ubuntu
11 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

redhat логотип

CVE-2024-50379

CVSS3: 8.1
redhat
11 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

nvd логотип

CVE-2024-50379

CVSS3: 9.8
nvd
11 месяцев назад

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.