Security Advisories

CV_2024_12_1: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability NO IMPACT

The CVE describes a vulnerability in Apache Tomcat that can lead to remote code execution when the default servlet is enabled for write on a case-insensitive file system.

Impacted Products

This vulnerability does not affect Commvault products.

Resolution

Commvault software does not use Tomcat with the default servlet enabled for write, so it is unaffected by CVE-2024-56337 and CVE-2024-50379.

CVE Details

Info Description

The Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat allows for Remote Code Execution (RCE) on case-insensitive file systems when the default servlet is enabled for write. This vulnerability affects Apache Tomcat versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. An attacker can exploit this vulnerability to execute arbitrary code. Upgrade to version 11.0.2, 10.1.34, or 9.0.98 to fix this issue.

Related CVE: CVE-2024-56337
