CyberSecurityBoard
Sponsor Register Login

Apache Tomcat Vulnerability Exposes Servers to RCE Attacks

Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. A critical Android vulnerability identified as CVE-2024-31317 has been discovered that allows attackers to execute arbitrary code with system privileges. The original code (patched in commit 0a668e0c) generated temporary filenames by replacing path separators (e.g., /) with internal dots (.), creating path equivalence vulnerabilities. Notably, this vulnerability compounds prior issues like CVE-2024-56337 (incomplete mitigation for CVE-2024-50379), highlighting systemic risks in Tomcat’s file-handling logic. The Apache Software Foundation has issued patches (Tomcat 11.0.3, 10.1.35, and 9.0.98) and urged immediate upgrades to mitigate exploitation risks. She is covering various cyber security incidents happening in the Cyber Space. Data Corruption: Attackers could tamper with session files (SESSIONS.ser) stored in $CATALINA_BASE/work, altering user sessions. RCE via JSP Uploads: Uploading a malicious JSP to the web root (e.g., webapps/ROOT) allows execution of arbitrary code. Organizations must prioritize upgrades, audit configurations, and adopt defense-in-depth strategies to safeguard Java web ecosystems.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 09:20:13 +0000


Cyber News related to Apache Tomcat Vulnerability Exposes Servers to RCE Attacks

CVE-2020-8022 - A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise ...
3 years ago
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
1 year ago Bleepingcomputer.com CVE-2023-49070 CVE-2023-51467
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com CVE-2023-46604
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online - Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and ...
1 year ago Bleepingcomputer.com CVE-2023-46604 CVE-2023-4660
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
1 year ago Bleepingcomputer.com CVE-2023-50164
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
1 year ago Bleepingcomputer.com CVE-2023-33246 CVE-2023-37582 Rocke
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
2 years ago Bleepingcomputer.com
JetBrains warns of new TeamCity auth bypass vulnerability - JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical ...
1 year ago Bleepingcomputer.com CVE-2024-23917 CVE-2023-42793 Andariel APT29
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits - The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. The flaw allows remote code execution and was fixed in late October. Apache's ...
1 year ago Bleepingcomputer.com CVE-2023-46604
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
1 year ago Cybersecuritynews.com CVE-2023-50164
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
11 months ago Cybersecurity-insiders.com CVE-2023-46604 Andariel
CVE-2024-56337 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was ...
2 months ago Tenable.com CVE-2024-50379
CVE-2020-1938 - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available ...
2 years ago
Apache Tomcat Vulnerability Exposes Servers to RCE Attacks - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. A critical Android vulnerability identified as ...
18 hours ago Cybersecuritynews.com CVE-2024-31317
ConnectWise urges ScreenConnect admins to patch critical RCE flaw - ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. This security bug is due to an authentication bypass weakness that attackers can exploit ...
1 year ago Bleepingcomputer.com
CVE-2023-39913 - Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. ...
3 weeks ago
New Microsoft Exchange zero-days allow RCE, data theft attacks - Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. The zero-day vulnerabilities were disclosed by Trend Micro's ...
1 year ago Bleepingcomputer.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com CVE-2023-34048 CVE-2023-34056
Veeam warns of critical bugs in Veeam ONE monitoring platform - Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. The company assigned almost maximum severity ratings to the critical security flaws ...
1 year ago Bleepingcomputer.com CVE-2023-38547 CVE-2023-38549 CVE-2023-41723 FIN7 Cuba
WordPress fixes POP chain exposing websites to RCE attacks - WordPress has released version 6.4.2 that addresses a remote code execution vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website. WordPress is a highly popular open-source content ...
1 year ago Bleepingcomputer.com
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
1 year ago Bleepingcomputer.com CVE-2023-22522 CVE-2023-22524 CVE-2022-1471 CVE-2023-22523
Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks - A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws due to their public internet exposure. These servers are running out-of-date software that is no longer ...
1 year ago Cysecurity.news CVE-2021-27065
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
87% of DDoS Attacks Targeted Windows OS Devices in 2023 - Computers and servers became the primary target of attacks, making up 92% of DDoS attempts, compared to only 68% in the previous year. Attacks are also becoming shorter and less frequent, but more powerful. While the overall count in attack frequency ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)