A major security issue has been discovered in Apache Tomcat, a popular tool used by countless organizations for hosting web applications. This vulnerability, named CVE-2024-56337, can allow hackers to run harmful code on affected servers. For businesses using this technology, it’s a serious risk that needs immediate attention.
What went wrong?
The issue stems from a "race condition": a flaw in which the outcome depends on the timing of operations that run at the same time, so a check the server makes at one moment can no longer be relied on a moment later.
Specifically, the vulnerability appears when Tomcat runs on a case-insensitive file system with a particular configuration: the default servlet accepts file uploads because its readonly option is turned off. That combination opens the door for attackers.
Attackers take advantage of it by uploading files whose names differ only in letter case (for example "File.jsp" and "file.jsp"). Because a case-insensitive file system treats both names as the same file, the upload can slip past the server's checks, and the server can be tricked into running the uploaded file as a malicious script.
Who needs to act?
This vulnerability affects several versions of Apache Tomcat:
- Tomcat 11.0.0-M1 to 11.0.1
- Tomcat 10.1.0-M1 to 10.1.33
- Tomcat 9.0.0-M1 to 9.0.97
If your systems run any of these versions, you must immediately take action.
What should you do?
Here’s how to fix the problem:
- Update Your Software: Download and install the latest versions:
  - Tomcat 11 users should upgrade to version 11.0.2 or higher.
  - Tomcat 10 users should upgrade to 10.1.34 or higher.
  - Tomcat 9 users should upgrade to 9.0.98 or higher.
- Adjust Java Settings: Check the sun.io.useCanonCaches system property for the Java version Tomcat runs on:
  - For Java 8 or 11, set sun.io.useCanonCaches to false.
  - For Java 17, ensure this setting remains false.
  - For Java 21 or newer, no additional changes are needed since this property no longer exists.
- Review Server Permissions: Ensure that the default servlet is configured correctly, and keep its readonly option turned on unless write access is genuinely required.
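As an added example (not part of this advisory or of the Tomcat project), the following Python script audits the three items above on one host: it compares the Tomcat version against the affected ranges, reads the DefaultServlet's readonly init-param from a web.xml document, and applies the per-Java-version guidance on sun.io.useCanonCaches to the JVM options string. The web.xml fragment is constructed for the demonstration; how you obtain the version string and JVM options on your own host is an assumption left to the caller.

```python
import re
import xml.etree.ElementTree as ET
FIXED = {9: "9.0.98", 10: "10.1.34", 11: "11.0.2"}  # first fixed release per branch on the page
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def parse_version(v):
    """'10.1.33' or '11.0.0-M1' -> sortable tuple; milestones sort before the GA release."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, ms = m.groups()
    return (int(major), int(minor), int(patch), int(ms) if ms else float("inf"))

def is_affected(version):  # inside one of the affected ranges listed on the page?
    key = parse_version(version)
    return key[0] in FIXED and key < parse_version(FIXED[key[0]])

def default_servlet_writable(web_xml):
    """True if web.xml sets readonly=false on the DefaultServlet (the page's second precondition)."""
    local = lambda e: e.tag.rsplit("}", 1)[-1]  # drop the Jakarta/Java EE namespace prefix
    for servlet in (e for e in ET.fromstring(web_xml).iter() if local(e) == "servlet"):
        text = {local(c): (c.text or "").strip() for c in servlet}  # servlet-name / servlet-class
        if text.get("servlet-class") != DEFAULT_SERVLET:
            continue
        for param in (c for c in servlet if local(c) == "init-param"):
            fields = {local(c): (c.text or "").strip() for c in param}
            if fields.get("param-name") == "readonly":
                return fields.get("param-value", "").lower() == "false"
    return False  # readonly defaults to true, so an absent parameter means read-only

def canon_cache_ok(java_major, jvm_opts):
    """Apply the page's per-Java-version guidance on sun.io.useCanonCaches to a JVM options string."""
    if java_major >= 21:
        return True  # property no longer exists, nothing to set
    m = re.search(r"-Dsun\.io\.useCanonCaches=(\S+)", jvm_opts)
    # An explicit setting wins; otherwise the default is true on Java 8/11 and false on Java 17.
    return m.group(1).lower() == "false" if m else java_major >= 17

def audit(version, web_xml, java_major, jvm_opts=""):
    """Return the outstanding items from the page's checklist; an empty list means nothing left to do."""
    findings = []
    if is_affected(version):
        findings.append(f"upgrade Tomcat {version} to {FIXED[parse_version(version)[0]]} or later")
    if default_servlet_writable(web_xml):
        findings.append("set readonly back to true on the DefaultServlet unless write access is required")
    if not canon_cache_ok(java_major, jvm_opts):
        findings.append("add -Dsun.io.useCanonCaches=false to the JVM options")
    return findings
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet><servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class><init-param>
<param-name>readonly</param-name><param-value>false</param-value></init-param></servlet></web-app>"""  # constructed
```

Running audit("10.1.33", SAMPLE_WEB_XML, 11, "-Xmx2g") reports all three items; a patched 10.1.34 host on Java 21 with readonly left at its default reports none.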
Why is this important?
If left unpatched, this vulnerability can lead to unauthorized access and control of your servers. Attackers could steal data, plant malware, or disrupt your operations. Tomcat is used in many critical systems, so any weakness in its security can have widespread consequences.
Act now to stay secure
Organizations using Apache Tomcat must take these steps as soon as possible. Regular updates, proper configurations, and staying informed about new threats are vital to keeping your systems safe.
By addressing this issue promptly, businesses can protect their data, applications, and operations from potential harm.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services that protect individuals and organizations against all kinds of cyber threats.