Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Weakness
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 9.0.0 (including) | 9.0.98 (excluding) |
| Tomcat | Apache | 10.1.0 (including) | 10.1.34 (excluding) |
| Tomcat | Apache | 11.0.0 (including) | 11.0.2 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | tomcat-1:9.0.87-1.el8_10.3 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | tomcat-1:9.0.87-1.el8_8.4 | * |
| Red Hat Enterprise Linux 9 | RedHat | tomcat-1:9.0.87-2.el9_5.1 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | pki-servlet-engine-1:9.0.50-1.el9_2.2 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | tomcat-1:9.0.87-1.el9_2.3 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | tomcat-1:9.0.87-1.el9_4.3 | * |
| Red Hat JBoss Web Server 5 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5.8 on RHEL 7 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el7jws | * |
| Red Hat JBoss Web Server 5.8 on RHEL 8 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el8jws | * |
| Red Hat JBoss Web Server 5.8 on RHEL 9 | RedHat | jws5-tomcat-0:9.0.87-6.redhat_00006.1.el9jws | * |
| Red Hat JBoss Web Server 6 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 6.0 on RHEL 8 | RedHat | jws6-tomcat-0:10.1.8-15.redhat_00022.1.el8jws | * |
| Red Hat JBoss Web Server 6.0 on RHEL 9 | RedHat | jws6-tomcat-0:10.1.8-15.redhat_00022.1.el9jws | * |
| Tomcat10 | Ubuntu | esm-apps/noble | * |
| Tomcat10 | Ubuntu | noble | * |
| Tomcat10 | Ubuntu | oracular | * |
| Tomcat10 | Ubuntu | upstream | * |
| Tomcat6 | Ubuntu | trusty/esm | * |
| Tomcat6 | Ubuntu | upstream | * |
| Tomcat7 | Ubuntu | trusty/esm | * |
| Tomcat7 | Ubuntu | upstream | * |
| Tomcat8 | Ubuntu | upstream | * |
| Tomcat9 | Ubuntu | devel | * |
| Tomcat9 | Ubuntu | esm-apps/bionic | * |
| Tomcat9 | Ubuntu | esm-apps/focal | * |
| Tomcat9 | Ubuntu | esm-apps/jammy | * |
| Tomcat9 | Ubuntu | esm-apps/noble | * |
| Tomcat9 | Ubuntu | focal | * |
| Tomcat9 | Ubuntu | jammy | * |
| Tomcat9 | Ubuntu | noble | * |
| Tomcat9 | Ubuntu | oracular | * |
| Tomcat9 | Ubuntu | plucky | * |
| Tomcat9 | Ubuntu | questing | * |
| Tomcat9 | Ubuntu | upstream | * |