CVE-2024-50379 PoC — Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Associated Vulnerability
Title: Apache Tomcat: RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379)
Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Description
CVE-2024-50379 is a critical vulnerability affecting multiple versions of Apache Tomcat, an open source web server and servlet container widely used for deploying Java-based web applications. The vulnerability arises from a Time-of-Check Time-of-Use (TOCTOU) race condition that occurs when compiling JavaServer Pages (JSPs).
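A defender-side check for the two preconditions from the advisory that can be read off a host (an affected Tomcat version and a write-enabled default servlet), given as an added example that is not part of the original repository. The function names and the sample web.xml are constructed for illustration; `readonly` is the DefaultServlet init-param that controls write access.

```python
import re
import xml.etree.ElementTree as ET

# First fixed patch level per branch, taken from the advisory text above.
FIRST_FIXED = {(11, 0): 2, (10, 1): 34, (9, 0): 98}
LAST_AFFECTED_EOL = {(8, 5): 100}  # EOL branch: no fixed release is listed

def version_status(version):
    """Classify a Tomcat version string as 'affected', 'fixed' or 'unknown'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)  # milestone suffix (-M1/.M1) ignored
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIRST_FIXED:
        return "affected" if patch < FIRST_FIXED[(major, minor)] else "fixed"
    if patch <= LAST_AFFECTED_EOL.get((major, minor), -1):
        return "affected"
    return "unknown"  # older EOL versions may also be affected

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace
def _children(elem):
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def writable_default_servlets(web_xml_text):
    """Names of DefaultServlet declarations whose readonly init-param is false."""
    hits = []
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet":
            continue
        info = _children(servlet)
        if not info.get("servlet-class", "").endswith(".DefaultServlet"):
            continue
        params = {kv.get("param-name"): kv.get("param-value", "") for kv in
                  (_children(p) for p in servlet if _local(p.tag) == "init-param")}
        if params.get("readonly", "true").lower() == "false":  # absent = read-only default
            hits.append(info.get("servlet-name", "?"))
    return hits

def exposed(version, web_xml_text):
    # The case-insensitive file system condition has to be checked separately.
    return version_status(version) == "affected" and bool(writable_default_servlets(web_xml_text))

# Constructed sample: conf/web.xml fragment with the default servlet write-enabled.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
```

Run it against both `conf/web.xml` and each application's `WEB-INF/web.xml`, since either can declare the default servlet.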
Readme
# CVE-2024-50379 Proof of Concept (PoC)

This repository contains a proof of concept (PoC) script to exploit **CVE-2024-50379**, a vulnerability in Apache Tomcat. The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that can lead to remote code execution (RCE) if the server's configuration allows writable directories.

---

## Features

- Uploads a malicious JSP shell to the vulnerable Apache Tomcat server.
- Executes arbitrary system commands via the uploaded shell.
- Demonstrates the exploitation process for CVE-2024-50379.

---

## Requirements

- **Python**: Version 3.x
- **Python Libraries**: `requests`
  - Install using:
    ```bash
    pip3 install requests
    ```

---

## Usage

### 1. Setup Vulnerable Environment

Ensure you have a vulnerable version of Apache Tomcat (e.g., 10.1.33) configured with:
- Writable `/uploads` directory.
- An upload handler JSP file (`upload.jsp`).


### 2. Run the PoC Script

To run the script, use the following command:
```bash
python3 poc.py <command>
```

File Snapshot

[4.0K] /data/pocs/4346350799bb6474f6f6904cd6e2648ab6d6fc4b
├── [2.6M] 2024-12-21 02-57-51.mkv
├── [1.9K] poc.py
└── [1.0K] README.md

0 directories, 3 files