bug-bounty504
google358
xss310
microsoft301
facebook265
rce221
exploit213
malware168
apple164
cve142
account-takeover116
bragging-post102
privilege-escalation98
csrf92
phishing86
browser80
writeup78
supply-chain69
authentication-bypass69
dos68
stored-xss65
ssrf57
reflected-xss57
reverse-engineering55
react54
access-control52
aws49
input-validation49
cross-site-scripting48
docker47
cloudflare47
lfi47
web-security46
node46
ctf45
sql-injection45
smart-contract45
ethereum44
web-application44
web343
defi43
oauth43
race-condition40
open-source39
auth-bypass39
pentest39
cloud38
idor37
burp-suite36
info-disclosure36
0
7/10
CVE-2024-50379 is a critical TOCTOU race condition vulnerability in Apache Tomcat (CVSS 9.8) affecting JSP compilation that allows remote code execution on case-insensitive filesystems when the default servlet is misconfigured with write permissions. The article provides a complete POC demonstrating how attackers can upload a benign JSP file then overwrite it with malicious code using case-sensitivity tricks (file.jsp vs FILE.JSP on Windows).
cve-2024-50379
tomcat
race-condition
toctou
rce
jsp
file-upload
arbitrary-code-execution
windows
case-insensitive-filesystem
web-server
misconfiguration
CVE-2024-50379
Apache Tomcat
Vidhi Patel
OpenWall