Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat JBoss Web Server 5 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5.8 on RHEL 7 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el7jws | * |
| Red Hat JBoss Web Server 5.8 on RHEL 8 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el8jws | * |
| Red Hat JBoss Web Server 5.8 on RHEL 9 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el9jws | * |
| Red Hat JBoss Web Server 6 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 6.0 on RHEL 8 | RedHat | jws6-tomcat-0:10.1.8-15.redhat_00022.1.el8jws | * |
| Red Hat JBoss Web Server 6.0 on RHEL 9 | RedHat | jws6-tomcat-0:10.1.8-15.redhat_00022.1.el9jws | * |
| Tomcat6 | Ubuntu | trusty/esm | * |
| Tomcat7 | Ubuntu | trusty/esm | * |