Multiple Critical Vulnerabilities Identified in Apache Tomcat
Apache Tomcat is an open-source software developed to support Java applications. It operates as a web server and servlet container, complying with Java EE (Enterprise Edition) specifications.
Due to its efficiency, flexibility, and extensive configuration options, Tomcat is widely used by both small and large organizations across various industries. However, several vulnerabilities have recently been identified, which are detailed below:
Details of the Vulnerabilities
- CVE-2024-52316: Vulnerability
- Severity Level: Critical (CVSS 9.8)
- Description: This vulnerability allows attackers to bypass authentication and gain unauthorized access to the system.
- CVE-2024-52317: Vulnerability
- Severity Level: Medium (CVSS 6.5)
- Affected Versions:
- Apache Tomcat 11.0.0-M1 to 11.0.0-M26
- Apache Tomcat 10.1.0-M1 to 10.1.30
- Apache Tomcat 9.0.0-M1 to 9.0.95
- Solution:
- Upgrade to Apache Tomcat 11.0.0 or later
- Upgrade to Apache Tomcat 10.1.31 or later
- Upgrade to Apache Tomcat 9.0.96 or later
- CVE-2024-52318: Vulnerability
- Severity Level: Medium (CVSS 6.1)
- Affected Versions:
- Apache Tomcat 11.0.0
- Apache Tomcat 10.1.31
- Apache Tomcat 9.0.96
- Solution:
- Upgrade to Apache Tomcat 11.0.1 or later
- Upgrade to Apache Tomcat 10.1.33 or later
- Upgrade to Apache Tomcat 9.0.97 or later
Recommendations
- Apply Updates: Update your systems to the latest versions listed above and apply available security patches as soon as possible.
- Share Information: Disseminate this information to your subsidiaries and partners and share your observations and findings with relevant cybersecurity organizations.
- Monitor System Security: Regularly monitor your systems, strengthen cybersecurity measures, and discontinue the use of affected versions.
These vulnerabilities pose significant risks to organizations using Apache Tomcat. Therefore, it is crucial to implement the recommended measures promptly to ensure security.
