Apache Tomcat Flaw Could Allow RCE Attacks on Servers

Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years.

Some critical issues put servers at risk of remote code execution (RCE) and other attacks.

These vulnerabilities highlight the importance of keeping software up-to-date and properly configured to prevent potential exploits.

Detailed Vulnerabilities:

Below is a formatted table summarizing the CVEs mentioned in the Apache Tomcat vulnerabilities:

CVE	Vulnerability Type	Description	Affected Versions
CVE-2025-24813	Remote Code Execution and Information Disclosure	Temporary file vulnerability in partial PUT operations allowing access to security-sensitive files and potential RCE with certain conditions.	11.0.0-M1 to 11.0.2
CVE-2024-56337	Remote Code Execution	Incomplete mitigation for CVE-2024-50379, requiring additional configuration on case-insensitive file systems.	11.0.0-M1 to 11.0.1
CVE-2024-54677	Denial of Service	OutOfMemoryError in examples web app due to unlimited uploaded data.	11.0.0-M1 to 11.0.1
CVE-2024-50379	Remote Code Execution	RCE via write-enabled default servlet on case-insensitive file systems.	11.0.0-M1 to 11.0.1
CVE-2024-52318	Cross-Site Scripting (XSS)	Unescaped output from pooled JSP tags could lead to XSS.	11.0.0
CVE-2024-52317	Request and Response Mix-up	Incorrectly recycled HTTP/2 requests could lead to data mix-ups between users.	11.0.0-M23 to 11.0.0-M26
CVE-2024-52316	Authentication Bypass	Potential bypass if custom authentication components throw exceptions without setting failure status.	11.0.0-M1 to 11.0.0-M26
CVE-2024-38286	Denial of Service	OutOfMemoryError triggered by abusing the TLS handshake process.	11.0.0-M1 to 11.0.0-M20
CVE-2024-34750	Denial of Service	Incorrect handling of HTTP/2 streams led to miscounting active streams.	11.0.0-M1 to 11.0.0-M20
CVE-2024-23672	Denial of Service	WebSocket clients could keep connections open for resource exhaustion.	11.0.0-M1 to 11.0.0-M16
CVE-2024-24549	Denial of Service	Failure to reset HTTP/2 streams after exceeding header limits.	11.0.0-M1 to 11.0.0-M16
CVE-2023-45648	Request Smuggling	Incorrect parsing of HTTP trailer headers could lead to request smuggling.	11.0.0-M1 to 11.0.0-M11
CVE-2023-44487	Denial of Service	Rapid reset attack could cause OutOfMemoryError via HTTP/2 implementation.	11.0.0-M1 to 11.0.0-M11
CVE-2023-42795	Information Disclosure	Incomplete request/response recycling could lead to information leaks.	11.0.0-M1 to 11.0.0-M11
CVE-2023-41080	Open Redirect	Specially crafted URLs could trigger redirects under certain conditions.	11.0.0-M1 to 11.0.0-M10
CVE-2023-46589	Request Smuggling	Trailer headers exceeding size limits could cause request smuggling.	11.0.0-M1 to 11.0.0-M10
CVE-2023-34981	Information Disclosure	Regression in AJP SEND_HEADERS message processing could leak headers.	11.0.0-M5
CVE-2023-28709	Denial of Service	Incomplete fix for previous DoS vulnerability, affecting query string parameters.	11.0.0-M2 to 11.0.0-M4
CVE-2023-28708	Information Disclosure	Session cookies lacked secure attribute when using RemoteIpFilter.	11.0.0-M1 to 11.0.0-M2
CVE-2023-24998	Denial of Service	Unrestricted file upload parts could lead to resource exhaustion.	11.0.0-M1

Steps to Mitigate Risks:

• Upgrade Software: Ensure Apache Tomcat and related software are upgraded to the latest versions to apply security patches for known vulnerabilities.
• Disable Default Servlet Writes: By default, writes to the default servlet are disabled. Ensure this setting remains unchanged unless necessary for specific applications.
• Proper Configuration: Regularly review configuration files to ensure they adhere to best practices, limiting potential attack vectors.
• Monitor System Resources: Keep an eye on system resources to quickly identify and address anomalies that might indicate a denial of service attack.
• Regular Audits and Testing: Conduct periodic security audits and penetration testing to identify any misconfigurations or vulnerabilities before they can be exploited.

The ongoing series of vulnerabilities in Apache Tomcat underscores the importance of maintaining robust security measures and staying up-to-date with the latest software updates.

While many of these issues are mitigated through updates, understanding the nature of these vulnerabilities helps administrators better secure their servers against potential threats.

Continuous monitoring and maintenance are crucial in protecting servers from both known and emerging risks.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.