cve/2024/CVE-2024-50379.md

### [CVE-2024-50379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=10.1.0-M1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.0.0.M1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brightgreen)

### Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/12442RF/POC
- https://github.com/20142995/nuclei-templates
- https://github.com/ARESHAmohanad/THM
- https://github.com/ARESHAmohanad/tryhackme
- https://github.com/Alchemist3dot14/CVE-2024-50379
- https://github.com/DMW11525708/wiki
- https://github.com/Erosion2020/JavaSec
- https://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379
- https://github.com/LeonardoE95/yt-en
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Ostorlab/KEV
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/Shinbatsu/awesome-tryhackme
- https://github.com/Shinbatsu/tryhackme-awesome
- https://github.com/SleepingBag945/CVE-2024-50379
- https://github.com/Threekiii/CVE
- https://github.com/YuoLuo/tomcat_cve_2024_50379_exploit
- https://github.com/Yuri08loveElaina/CVE-2024-50379
- https://github.com/Yuri08loveElaina/CVE-2024-50379-POC
- https://github.com/ZapcoMan/TomcatVulnToolkit
- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database
- https://github.com/adysec/POC
- https://github.com/bigb0x/CVE-2024-50379
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/damarant/CTF
- https://github.com/dear-cell/CVE-2024-50379
- https://github.com/diegopacheco/Smith
- https://github.com/dkstar11q/CVE-2024-50379-nuclei
- https://github.com/dragonked2/CVE-2024-50379-POC
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/gabrielvieira1/vollmed-java
- https://github.com/gomtaengi/CVE-2024-50379-exp
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/iSee857/CVE-2024-50379-PoC
- https://github.com/iemotion/POC
- https://github.com/laoa1573/wy876
- https://github.com/lizhianyuguangming/CVE-2024-50379-exp
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/pwnosec/CVE-2024-50379
- https://github.com/rix4uni/medium-writeups
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tanjiti/sec_profile
- https://github.com/thmrevenant/tryhackme
- https://github.com/thunww/CVE-2024-50379
- https://github.com/tobiasGuta/custom-poc
- https://github.com/v3153/CVE-2024-50379-POC
- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
- https://github.com/yiliufeng168/CVE-2024-50379-POC
- https://github.com/zhanpengliu-tencent/medium-cve
- https://github.com/zulloper/cve-poc
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-50379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=10.1.0-M1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=8.5.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=9.0.0.M1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brightgreen)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### Description`

Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/12442RF/POC`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/20142995/nuclei-templates`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/ARESHAmohanad/THM`
			`- https://github.com/ARESHAmohanad/tryhackme`
			`- https://github.com/Alchemist3dot14/CVE-2024-50379`
			`- https://github.com/DMW11525708/wiki`
			`- https://github.com/Erosion2020/JavaSec`
			`- https://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379`
			`- https://github.com/LeonardoE95/yt-en`
			`- https://github.com/Lern0n/Lernon-POC`
			`- https://github.com/Ostorlab/KEV`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/PuddinCat/GithubRepoSpider`
			`- https://github.com/Shinbatsu/awesome-tryhackme`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/Shinbatsu/tryhackme-awesome`
			`- https://github.com/SleepingBag945/CVE-2024-50379`
			`- https://github.com/Threekiii/CVE`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/YuoLuo/tomcat_cve_2024_50379_exploit`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/Yuri08loveElaina/CVE-2024-50379`
			`- https://github.com/Yuri08loveElaina/CVE-2024-50379-POC`
			`- https://github.com/ZapcoMan/TomcatVulnToolkit`
			`- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database`
			`- https://github.com/adysec/POC`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/bigb0x/CVE-2024-50379`
			`- https://github.com/cyb3r-w0lf/nuclei-template-collection`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/damarant/CTF`
			`- https://github.com/dear-cell/CVE-2024-50379`
			`- https://github.com/diegopacheco/Smith`
			`- https://github.com/dkstar11q/CVE-2024-50379-nuclei`
			`- https://github.com/dragonked2/CVE-2024-50379-POC`
			`- https://github.com/eeeeeeeeee-code/POC`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/fkie-cad/nvd-json-data-feeds`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/gabrielvieira1/vollmed-java`
			`- https://github.com/gomtaengi/CVE-2024-50379-exp`
			`- https://github.com/greenberglinken/2023hvv_1`
			`- https://github.com/iSee857/CVE-2024-50379-PoC`
			`- https://github.com/iemotion/POC`
			`- https://github.com/laoa1573/wy876`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/lizhianyuguangming/CVE-2024-50379-exp`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/oLy0/Vulnerability`
			`- https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc`
			`- https://github.com/plzheheplztrying/cve_monitor`
			`- https://github.com/pwnosec/CVE-2024-50379`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/rix4uni/medium-writeups`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/taielab/awesome-hacking-lists`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/tanjiti/sec_profile`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/thmrevenant/tryhackme`
			`- https://github.com/thunww/CVE-2024-50379`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/tobiasGuta/custom-poc`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/v3153/CVE-2024-50379-POC`
			`- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/wy876/POC`
			`- https://github.com/wy876/wiki`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/yiliufeng168/CVE-2024-50379-POC`
			`- https://github.com/zhanpengliu-tencent/medium-cve`
			`- https://github.com/zulloper/cve-poc`