Re: CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

Mark Thomas Thu, 19 Dec 2024 02:53:12 -0800

On 19/12/2024 10:49, Thiru wrote:

Hello There,


Good day!

Could you kindly help clarify the following regarding CVE-2024-50379?

In the default Tomcat setup, the readonly initialization parameter of the
DefaultServlet is not write-enabled, even for a case-insensitive file
system (Reference: https://tomcat.apache.org/tomcat-9.0-doc/default
-servlet.html).

Given this, am I correct in understanding that this vulnerability should
not affect default Tomcat installations?


You are correct.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

Reply via email to