28 matches found
RockyLinux 10 : tomcat9 (RLSA-2025:11332)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11332 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...
Alibaba Cloud Linux 3 : 0119: tomcat (ALINUX3-SA-2025:0119)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0119 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-56337: Time-of-check Time-of-use...
ALSA-2025:11335 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...
TencentOS Server 4: tomcat (TSSA-2024:1139)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1139 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Race Condition vulnerability in Apache Tomcat, due to a case insensitive file system, caused by improper default installation settings CVE-2024-56337. Apache Tomcat is used in our Speech microservices. This vulnerabilitiy has been...
SUSE: Security Advisory (SUSE-SU-2025:1126-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:1126-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:1024-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
tomcat10-10.1.35-1.1 on GA media (moderate)
tomcat10-10.1.35-1.1 on GA media Announcement ID: openSUSE-SU-2025:14897-1 Rating: moderate Cross-References: CVE-2004-56337 CVE-2024-56337 CVE-2025-24813 CVSS scores: CVE-2024-56337 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-24813 SUSE : 8.1...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throu...
Linux Distros Unpatched Vulnerability : CVE-2024-56337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1...
Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data
Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU Race Condition vulnerability in Apache Tomcat [CVE-2024-56337]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, caused by JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. CVE-2024-56337. Apache Tomcat is used by our...
Atlassian Confluence 6.10.x < 8.5.19 / 8.6.x < 9.2.1 (CONFSERVER-99216)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-99216 advisory. - Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1,...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-56337
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-56337 tomcat-embed-core-10.1.33.jar Publicly disclosed vulnerability found by Mend CVE-2024-56337. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat (CVE-2024-56337, CVE-2024-52316 and CVE-2024-50379)
Summary IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:...
Photon OS 4.0: Apache PHSA-2025-4.0-0729
An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0729. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
K000149247: Apache tomcat vulnerability CVE-2024-56337
Security Advisory Description Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users...
Apache Tomcat 11.0.0-M1 < 11.0.2 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...
CVE-2024-56337
The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...