cve/2024/CVE-2024-50379.md

### [CVE-2024-50379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%3C%3D%2011.0.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)

### Description

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/12442RF/POC
- https://github.com/ARESHAmohanad/THM
- https://github.com/ARESHAmohanad/tryhackme
- https://github.com/Alchemist3dot14/CVE-2024-50379
- https://github.com/DMW11525708/wiki
- https://github.com/Erosion2020/JavaSec
- https://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379
- https://github.com/LeonardoE95/yt-en
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Ostorlab/KEV
- https://github.com/Shinbatsu/tryhackme-awesome
- https://github.com/SleepingBag945/CVE-2024-50379
- https://github.com/Threekiii/CVE
- https://github.com/Yuri08loveElaina/CVE-2024-50379
- https://github.com/Yuri08loveElaina/CVE-2024-50379-POC
- https://github.com/ZapcoMan/TomcatVulnToolkit
- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database
- https://github.com/adysec/POC
- https://github.com/damarant/CTF
- https://github.com/dear-cell/CVE-2024-50379
- https://github.com/diegopacheco/Smith
- https://github.com/dkstar11q/CVE-2024-50379-nuclei
- https://github.com/dragonked2/CVE-2024-50379-POC
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/gabrielvieira1/vollmed-java
- https://github.com/gomtaengi/CVE-2024-50379-exp
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/iSee857/CVE-2024-50379-PoC
- https://github.com/iemotion/POC
- https://github.com/laoa1573/wy876
- https://github.com/oLy0/Vulnerability
- https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/pwnosec/CVE-2024-50379
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/thmrevenant/tryhackme
- https://github.com/thunww/CVE-2024-50379
- https://github.com/v3153/CVE-2024-50379-POC
- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024
- https://github.com/yiliufeng168/CVE-2024-50379-POC
- https://github.com/zhanpengliu-tencent/medium-cve
- https://github.com/zulloper/cve-poc
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-50379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=11.0.0-M1%3C%3D%2011.0.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)`

			`### Description`

			`Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/12442RF/POC`
			`- https://github.com/ARESHAmohanad/THM`
			`- https://github.com/ARESHAmohanad/tryhackme`
			`- https://github.com/Alchemist3dot14/CVE-2024-50379`
			`- https://github.com/DMW11525708/wiki`
			`- https://github.com/Erosion2020/JavaSec`
			`- https://github.com/JFOZ1010/Nuclei-Template-CVE-2024-50379`
			`- https://github.com/LeonardoE95/yt-en`
			`- https://github.com/Lern0n/Lernon-POC`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Shinbatsu/tryhackme-awesome`
			`- https://github.com/SleepingBag945/CVE-2024-50379`
			`- https://github.com/Threekiii/CVE`
			`- https://github.com/Yuri08loveElaina/CVE-2024-50379`
			`- https://github.com/Yuri08loveElaina/CVE-2024-50379-POC`
			`- https://github.com/ZapcoMan/TomcatVulnToolkit`
			`- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database`
			`- https://github.com/adysec/POC`
			`- https://github.com/damarant/CTF`
			`- https://github.com/dear-cell/CVE-2024-50379`
			`- https://github.com/diegopacheco/Smith`
			`- https://github.com/dkstar11q/CVE-2024-50379-nuclei`
			`- https://github.com/dragonked2/CVE-2024-50379-POC`
			`- https://github.com/eeeeeeeeee-code/POC`
			`- https://github.com/gabrielvieira1/vollmed-java`
			`- https://github.com/gomtaengi/CVE-2024-50379-exp`
			`- https://github.com/greenberglinken/2023hvv_1`
			`- https://github.com/iSee857/CVE-2024-50379-PoC`
			`- https://github.com/iemotion/POC`
			`- https://github.com/laoa1573/wy876`
			`- https://github.com/oLy0/Vulnerability`
			`- https://github.com/ph0ebus/Tomcat-CVE-2024-50379-Poc`
			`- https://github.com/plzheheplztrying/cve_monitor`
			`- https://github.com/pwnosec/CVE-2024-50379`
			`- https://github.com/taielab/awesome-hacking-lists`
			`- https://github.com/thmrevenant/tryhackme`
			`- https://github.com/thunww/CVE-2024-50379`
			`- https://github.com/v3153/CVE-2024-50379-POC`
			`- https://github.com/vitalii-moholivskyi/selected-cve-dataset-2024`
			`- https://github.com/yiliufeng168/CVE-2024-50379-POC`
			`- https://github.com/zhanpengliu-tencent/medium-cve`
			`- https://github.com/zulloper/cve-poc`