CVE
CVE-2024-56337
| CVE ID | CVE-2024-56337 |
|---|---|
| CVSS Score | NA |
| Operating System | |
| Affected Versions | |
| Patched Versions | 8.5.107-OL |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
OL CVE Issue Summary:
This release addresses the CVE-2024-56337 security vulnerability, which is an incomplete mitigation of the previously disclosed vulnerability CVE-2024-50379. The vulnerability arises from a race condition that could lead to Remote Code Execution (RCE) under specific configurations.
Important: CVE-2024-50379 mitigation
The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case-insensitive file system with the default servlet write-enabled (the readonly initialization parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379, depending on which version of Java you are using with Tomcat:
• Running on Java 8 or Java 11: The system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true).
• Running on Java 17: The system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false).
• Running on Java 21 and later: No further configuration is required (the system property and the problematic cache have been removed).
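The decision rules above can be expressed as a configuration audit. This is an added example, not code from the advisory or from Tomcat. The function names are hypothetical and the web.xml sample is constructed. The file system's case-insensitivity is passed in as a flag. Java releases the advisory does not list are handled by the assumptions marked in the comments.

```python
import re
import xml.etree.ElementTree as ET

PROP = "sun.io.useCanonCaches"
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
# Constructed sample, not a real deployment's web.xml.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""

def _name(el):
    return el.tag.rsplit("}", 1)[-1]  # strip the XML namespace

def default_servlet_writable(web_xml):
    """True if a DefaultServlet declaration sets readonly to a non-true value."""
    for servlet in ET.fromstring(web_xml).iter():
        if _name(servlet) != "servlet":
            continue
        classes = [(c.text or "").strip() for c in servlet if _name(c) == "servlet-class"]
        if DEFAULT_SERVLET not in classes:
            continue
        for param in (c for c in servlet if _name(c) == "init-param"):
            kv = {_name(c): (c.text or "").strip() for c in param}
            # assumption: parsed like Boolean.parseBoolean, so only "true" is read-only
            if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() != "true":
                return True
    return False

def java_major(version):
    """'1.8.0_432' -> 8, '11.0.25' -> 11, '21.0.5' -> 21."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return parts[1] if parts[0] == 1 and len(parts) > 1 else parts[0]

def canon_caches_setting(jvm_args):
    """Value of the last -Dsun.io.useCanonCaches=... argument, or None if unset."""
    values = [a.split("=", 1)[1].lower() for a in jvm_args if a.startswith(f"-D{PROP}=")]
    return values[-1] if values else None

def required_change(web_xml, case_insensitive_fs, java_version, jvm_args):
    """None if the setup matches the advisory's guidance, else the change to make."""
    if not (case_insensitive_fs and default_servlet_writable(web_xml)):
        return None  # preconditions from the advisory are not met
    major, value = java_major(java_version), canon_caches_setting(jvm_args)
    if major >= 21:
        return None  # property and cache removed
    if major >= 17:  # assumption: 18-20 behave like 17 (default false)
        return None if value in (None, "false") else f"set -D{PROP}=false"
    # assumption: releases below 17 are treated like 8/11 (default true)
    return None if value == "false" else f"add -D{PROP}=false"
```

Pass the contents of the web.xml that declares the default servlet, the reported Java version string, and the JVM option list the Tomcat process is started with (for example the split value of CATALINA_OPTS).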