VIR Vulnerability Intelligence Relay

CVE-2024-50379

medium
Published 2025-07-16 · Modified 2025-04-08
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk
5.5

Description

Moderate: tomcat security update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-3645.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-3683.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2351129

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2332817

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:3683

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-50379

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:11335

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-50379.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:11333

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:3683

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:3645

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:11335

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
rockylinux rocky8fixed
suse slesaffected
rockylinux rocky9fixed
debian debianbookwormfixed10.1.34-0+deb12u1
debian debianforkyfixed10.1.34-1
debian debiansidfixed10.1.34-1
debian debiantrixiefixed10.1.34-1
debian debianbullseyefixed9.0.43-2~deb11u11

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.apache.tomcat:tomcat-catalina>=11.0.0-M1,<11.0.211.0.2
java Mavenorg.apache.tomcat:tomcat-catalina>=10.1.0-M1,<10.1.3410.1.34
java Mavenorg.apache.tomcat:tomcat-catalina>=9.0.0.M1,<9.0.989.0.98
java Mavenorg.apache.tomcat.embed:tomcat-embed-core>=11.0.0-M1,<11.0.211.0.2
java Mavenorg.apache.tomcat.embed:tomcat-embed-core>=10.1.0-M1,<10.1.3410.1.34
java Mavenorg.apache.tomcat.embed:tomcat-embed-core>=9.0.0.M1,<9.0.989.0.98
java Mavenorg.apache.tomcat:tomcat-catalina>=8.5.0,<=8.5.100
java Mavenorg.apache.tomcat.embed:tomcat-embed-core>=8.5.0,<=8.5.100

References

Verify integrity in audit chain (admin only). AS-IS.