Apache security advisory (AV24-722)

Serial number: AV24-722
Date: December 18, 2024

On December 17, 2024, Apache published a security advisory to address a critical vulnerability in the following products:

• Apache Tomcat – versions 11.0.0-M1 to 11.0.1
• Apache Tomcat – versions 10.1.0-M1 to 10.1.33
• Apache Tomcat – versions 9.0.0.M1 to 9.0.97

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet
• Fixed in Apache Tomcat 9.0.98
• Fixed in Apache Tomcat 10.1.34
• Fixed in Apache Tomcat 11.0.2
• Apache Tomcat