This repository contains a Proof of Concept (POC) for CVE-2024-50379, a vulnerability affecting Apache Tomcat. The issue involves a Time-of-Check Time-of-Use (TOCTOU) race condition, which can lead to Remote Code Execution (RCE), especially on case-insensitive file systems like Windows.
CVE-2024-50379 is a vulnerability in Apache Tomcat that allows attackers to execute arbitrary code through a TOCTOU race condition. It is exploitable on case-insensitive file systems (e.g., Windows or macOS) when the Default Servlet is improperly configured.
The POC demonstrates the exploitation of CVE-2024-50379 by uploading a malicious JSP file that can replace existing files with a different case (`FILE.JSP` overwriting `file.jsp`) in a Windows-based environment.
- File Upload Exploit:
  - On a Windows server, upload a JSP file (`file.jsp`).
  - Quickly replace it with a differently-cased file (`FILE.JSP`).
  - Due to the case-insensitive nature of the file system, the older file (`file.jsp`) will be overwritten.
- Changes in `web.xml`:
  - Misconfigured permissions in `web.xml` can enable write access for the Default Servlet, making the exploitation possible.
- Deploy Apache Tomcat server.
- Configure the Default Servlet with write permissions.
- Use the provided POC to upload JSP files and exploit the TOCTOU race condition.
- This POC is for educational purposes only.
- DO NOT USE this in production without strict security measures.
- Ensure proper configuration of servlets and file systems to mitigate similar vulnerabilities.
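As an added example that is not part of this repository, the following Python script audits a Tomcat `web.xml` for the weak setting the notes above warn about: a Default Servlet whose `readonly` init-param is `false`, which is what lets PUT requests write files. The sample `web.xml` documents are constructed here (the namespace matches Tomcat 9's `conf/web.xml`; the parser ignores the namespace, so Jakarta-namespaced files work too), and a missing `readonly` parameter is treated as Tomcat's default of `true`.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"

# Constructed samples, not taken from any real server. The namespace is the
# one Tomcat 9's conf/web.xml declares, so the parser must cope with it.
_TEMPLATE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>{cls}</servlet-class>
    {param}
  </servlet>
</web-app>"""
_READONLY = "<init-param><param-name>readonly</param-name><param-value>{v}</param-value></init-param>"
WEAK_WEB_XML = _TEMPLATE.format(cls=DEFAULT_SERVLET_CLASS, param=_READONLY.format(v="false"))
FIXED_WEB_XML = _TEMPLATE.format(cls=DEFAULT_SERVLET_CLASS, param=_READONLY.format(v="true"))
OMITTED_WEB_XML = _TEMPLATE.format(cls=DEFAULT_SERVLET_CLASS, param="")


def _local(tag):
    """Strip the XML namespace so tags compare by local name."""
    return tag.rsplit("}", 1)[-1]


def _init_params(servlet):
    """Yield (name, value) pairs from a <servlet> element's <init-param> children."""
    for param in servlet:
        if _local(param.tag) != "init-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in param}
        yield fields.get("param-name"), fields.get("param-value")


def default_servlet_writable(web_xml):
    """Return True if the DefaultServlet is configured with readonly=false.

    A missing readonly param means Tomcat's default (true), i.e. not writable.
    Tomcat parses the value case-insensitively, so "FALSE" also counts.
    """
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text for c in servlet if _local(c.tag) == "servlet-class"), "")
        if (cls or "").strip() != DEFAULT_SERVLET_CLASS:
            continue
        for name, value in _init_params(servlet):
            if name == "readonly":
                return (value or "").lower() == "false"
    return False
```

Run it against the server's `conf/web.xml` (and any per-application `WEB-INF/web.xml` that redefines the default servlet) as part of a configuration review; a `True` result is the precondition this POC depends on.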
For more insights into CVE-2024-50379, check out my detailed blog:
Deep Dive & POC of CVE-2024-50379 in Apache Tomcat
This repository is provided under the MIT License.