Apache Tomcat Patches Critical RCE Vulnerability - 20241223003¶
Overview¶
The Apache Software Foundation has recently released a critical security update addressing a remote code execution (RCE) vulnerability in that affects a wide range of Tomcat versions.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Aapche Tomcat | - Apache Tomcat 11.0.0-M1 to 11.0.1 - Apache Tomcat 10.1.0-M1 to 10.1.33 - Apache Tomcat 9.0.0.M1 to 9.0.97 |
CVE-2024-56337 | 9.8 | Critical |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):
- Apache: https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
Additional References¶
- Security Online: https://securityonline.info/cve-2024-56337-apache-tomcat-patches-critical-rce-vulnerability/