CVE-2024-50379: 
Java vulnerability analysis and mitigation

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability (CVE-2024-50379) was discovered in Apache Tomcat affecting versions 11.0.0-M1 through 11.0.1, 10.1.0-M1 through 10.1.33, and 9.0.0.M1 through 9.0.97. The vulnerability permits Remote Code Execution (RCE) on case insensitive file systems when the default servlet is enabled for write, which is not the default configuration (Apache List, NVD).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition that occurs during JSP compilation. The CVSS v3.1 base score is 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NetApp Advisory).

Successful exploitation of this vulnerability could lead to Remote Code Execution (RCE), potentially resulting in disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

Users are recommended to upgrade to Apache Tomcat version 11.0.2, 10.1.34, or 9.0.98, which contain fixes for this vulnerability. These versions were released to address the security issue (Apache List, NVD).