Whoami

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.106 Description: A race condition exists due to concurrent execution using a shared resource with improper synchronization when using the APR/Native connector. This issue is particularly noticeable with client-initiated closes of HTTP/2 connections. Recommendations: Upgrade to version 9.0.107 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0-M1 through 11.0.1 Description: The issue is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that can be exploited to bypass case sensitivity checks and execute arbitrary code. This can be done by uploading a file that can be turned into malicious JSP code, resulting in remote code execution. The exploit can be carried out on case-insensitive file systems where Tomcat's default servlet has write functionality enabled. Over 894,000 Apache Tomcat applications are potentially vulnerable to this exploit. A proof-of-concept has been released, and it is expected that more exploitation will occur. Recommendations: Update to patched versions of Apache Tomcat and adjust Java configuration accordingly to prevent remote code execution. As a temporary workaround, consider disabling the default servlet's write functionality on case-insensitive file systems to minimize the risk of exploitation. Restrict access to the vulnerable `jsp` files to prevent malicious code execution until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 **Description** The issue is related to a vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware, specifically in the Core component. This vulnerability allows an unauthenticated attacker with network access via T3, IIOP to compromise the Oracle WebLogic Server. Successful attacks can result in the takeover of the Oracle WebLogic Server. It is estimated that over 18,000 services are potentially affected. The vulnerability can be exploited by sending specially crafted network packets, allowing an attacker to gain full access to the vulnerable software. **Recommendations** For Oracle WebLogic Server version 12.2.1.4.0, update to a newer version to mitigate the risk. For Oracle WebLogic Server version 14.1.1.0.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the T3 and IIOP protocols to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 12.2.1.4.0 through 14.1.1.0.0 **Description** The issue is related to insufficient input validation in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via T3 or IIOP to compromise the server. Successful attacks can result in the takeover of Oracle WebLogic Server. **Recommendations** For versions 12.2.1.4.0 and 14.1.1.0.0, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions prior to 11.0.2, 10.1.34, or 9.0.98. **Description** The Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. **Recommendations** - Upgrade Apache Tomcat to versions 11.0.2+, 10.1.34+, or 9.0.98+ to patch CVE-2024-50379 and CVE-2024. - Temporarily restrict write access to the default servlet if immediate update is not possible. - Disable the “examples” web application in Apache Tomcat to protect against the vulnerability. - Set the system property sun.io.useCanonCaches to false if using Java 8 or Java 11. - Set the system property sun.io.useCanonCaches to false if using Java 17. - No further configuration is required for Java 21 onwards. - Tomcat 11.0.3, 10.1.35, and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions prior to 14 build 14880 Description: The issue allows an authenticated SQL Injection via a crafted Alarmview request. This can potentially be exploited by sending a malicious request to the affected system. Recommendations: For versions prior to 14 build 14880, update to a version 14 build 14880 or later to resolve the issue. As a temporary workaround, consider restricting access to the Alarmview request to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Applications Manager versions prior to build 14740 **Description** The issue concerns an unauthenticated SQL Injection in the REST API, which can be exploited via a crafted request. This leads to Remote Code Execution. **Recommendations** For versions prior to build 14740, update to build 14740 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.