December 23, 2024 By Bill Toulas
Apache has released a security update that addresses an important vulnerability in the Tomcat web server that could allow an attacker to achieve remote code execution.
Apache Tomcat is an open-source web server and servlet container widely used to deploy and run Java-based web applications. It provides a runtime environment for Java Servlets, JavaServer Pages (JSP), and Java WebSocket technologies.
The product is popular with large enterprises that run custom web apps and SaaS providers that rely on Java for backend services. Cloud and hosting services integrate Tomcat for app hosting, and software developers use it to build, test, and deploy web apps.
The vulnerability fixed in the new release is tracked as CVE-2024-56337; the fix addresses an incomplete mitigation for CVE-2024-50379, a critical remote code execution (RCE) vulnerability for which the vendor released an incomplete patch on December 17.